General

  • Target: 98d09abc36800d204fd55df87679ffb9.exe
  • Size: 1.0MB
  • Sample: 221004-pzmdgaahg8
  • MD5: 98d09abc36800d204fd55df87679ffb9
  • SHA1: 4b02b3b59c0cde3b4dcfeb17c3921ac419a7ebe3
  • SHA256: 6bd5bbea9b02d99f157e191dbdfe2d772498c3443496738e2c8d92a9617a099e
  • SHA512: 1ba1ebfae1a46564e85d6bb29cc63a132b49efd40d6569dd06600cb6d28463fb3ba7c363cba4284798962fe3359a33458c1d40939812b64d93bbea0325a7cb92
  • SSDEEP: 12288:kj+Os4K4HTNanseaQRlHVF7NKViqyqHUP+BYFAaxXeH4N4eXb:NXaQjb7ciwUP+B2LAH46eX

Malware Config

Extracted

Family

lokibot

C2

http://162.0.223.13/?OpqycIYJoIxPvNI7mSRvpEdWbvlzd7L2wbAJUztih08MOR

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053): 1
  • Persistence: Scheduled Task (T1053): 1
  • Privilege Escalation: Scheduled Task (T1053): 1
  • Credential Access: Credentials in Files (T1081): 1
  • Discovery: Query Registry (T1012): 1; System Information Discovery (T1082): 2
  • Collection: Data from Local System (T1005): 1; Email Collection (T1114): 1

Tasks