General

  • Target

    179456F7D77CF8B5D90CE2AF2CAA8183E372BEBF53AE3.exe

  • Size

    239KB

  • Sample

    230130-ztvsrsed6s

  • MD5

    3dc2fc6de51eab19a01e2454b1e2722d

  • SHA1

    c479ca87e368bca18cfd5fbae1708eb3ffc5a282

  • SHA256

    179456f7d77cf8b5d90ce2af2caa8183e372bebf53ae3e244f099f7067ae3570

  • SHA512

    d8f136a06ffa18ea46f7ef387d322e904ae197fb0ad8190cd10b28903c8a2bebad5a616d0e4e676a36f76fb0a3e449719776c130e434e2e3ad3b90abe154c91c

  • SSDEEP

    6144:mZa6ALpj3U4r7FLbTaccjyvHF+tsMZabESHPAaV:Ka1uALHab2d+tsMUbdv

Malware Config

Extracted

Family

lokibot

C2

http://31.220.40.22/~lahtipre/lenzman/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      179456F7D77CF8B5D90CE2AF2CAA8183E372BEBF53AE3.exe

    • Size

      239KB

    • MD5

      3dc2fc6de51eab19a01e2454b1e2722d

    • SHA1

      c479ca87e368bca18cfd5fbae1708eb3ffc5a282

    • SHA256

      179456f7d77cf8b5d90ce2af2caa8183e372bebf53ae3e244f099f7067ae3570

    • SHA512

      d8f136a06ffa18ea46f7ef387d322e904ae197fb0ad8190cd10b28903c8a2bebad5a616d0e4e676a36f76fb0a3e449719776c130e434e2e3ad3b90abe154c91c

    • SSDEEP

      6144:mZa6ALpj3U4r7FLbTaccjyvHF+tsMZabESHPAaV:Ka1uALHab2d+tsMUbdv

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Tasks