General

  • Target

    376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

  • Size

    611KB

  • Sample

    230127-ke3shabd9v

  • MD5

    0c802d4ef37a0ba9232605f48d0e07b3

  • SHA1

    b8b7afcd7a2f389afcac5c0c3fda472f1fe76290

  • SHA256

    376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

  • SHA512

    b41a109acc1b13f508f0980b068676208bd5ee92ff3b0e17044e7c0d0042ec2e1fca2ba6896461b1cf8b8e05e096718f1f7de726c425b95400396af0f8e367a7

  • SSDEEP

    12288:RY/BFjCfuXdm4S4w1gzs48VUiHUqF/a82lv4b+uze+RjaXsaNCD5bAMI:CXYwAVr0y/a8mAmFra

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

    • Size

      611KB

    • MD5

      0c802d4ef37a0ba9232605f48d0e07b3

    • SHA1

      b8b7afcd7a2f389afcac5c0c3fda472f1fe76290

    • SHA256

      376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

    • SHA512

      b41a109acc1b13f508f0980b068676208bd5ee92ff3b0e17044e7c0d0042ec2e1fca2ba6896461b1cf8b8e05e096718f1f7de726c425b95400396af0f8e367a7

    • SSDEEP

      12288:RY/BFjCfuXdm4S4w1gzs48VUiHUqF/a82lv4b+uze+RjaXsaNCD5bAMI:CXYwAVr0y/a8mAmFra

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks