General

  • Target

    68e809fadbe3a668b8cfe500e6cac581.exe

  • Size

    324KB

  • Sample

    230126-qrtcgsdg53

  • MD5

    68e809fadbe3a668b8cfe500e6cac581

  • SHA1

    17d6ee05b98d9e0049fd67131e83a56c99280db0

  • SHA256

    013e2668c87f03a7641fc215bfaf4f7cb7d547d1d74ce62afb423adb53e3b209

  • SHA512

    11b5359f4c6696d975aca3e5f9b8b72979c5e4f12622611b7293f8d4eff251fb0c44fc19d1de7ae4594dd0158bf0d30acccdeba83ddd9b81c6af8f41fb1f5261

  • SSDEEP

    6144:2VLsD3FjAwR7rGgov/O9kYCSZLY0+MOKXoReUT:2V41MUovm9kYCSZsWkcUT

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      68e809fadbe3a668b8cfe500e6cac581.exe

    • Size

      324KB

    • MD5

      68e809fadbe3a668b8cfe500e6cac581

    • SHA1

      17d6ee05b98d9e0049fd67131e83a56c99280db0

    • SHA256

      013e2668c87f03a7641fc215bfaf4f7cb7d547d1d74ce62afb423adb53e3b209

    • SHA512

      11b5359f4c6696d975aca3e5f9b8b72979c5e4f12622611b7293f8d4eff251fb0c44fc19d1de7ae4594dd0158bf0d30acccdeba83ddd9b81c6af8f41fb1f5261

    • SSDEEP

      6144:2VLsD3FjAwR7rGgov/O9kYCSZLY0+MOKXoReUT:2V41MUovm9kYCSZsWkcUT

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks