General

  • Target

    ad92825e2bc4dc8a0402385e1fa515e2

  • Size

    1.2MB

  • Sample

    240229-d16b7acc4w

  • MD5

    ad92825e2bc4dc8a0402385e1fa515e2

  • SHA1

    8856b18cd5b5c597625c6a4197c764994fe6881d

  • SHA256

    04890f9df740295564e37e6a458fc43f1e9ac7d5a038514cf25510474356b4a8

  • SHA512

    6dae4730e9c864e572dea4606b3dcf87ec18f089106539bd964bd644b366283fd7acd71e169b8c773e9a0466b746525e93b0d1685889fc5d5d6e8e469001063f

  • SSDEEP

    24576:tdkblhBJO62Woxe3PNTa631TPHHD89w05o:td41s62WeOTHjOo

Malware Config

Extracted

Family

lokibot

C2

http://kossa.xyz/kl/vz/ri.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
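The hashes and C2 URLs above are the indicators an analyst would actually pivot on. The following script is an added example, not part of the sandbox report and not code from the Lokibot sample: it loads those indicators, matches proxy-log requests against them (exact URL, known C2 host, and a looser rule for the shared `/fre.php` gate path that four of the five C2s use, so a rotated domain still fires), and checks a digest or a file's bytes against the reported hashes. The log format (`<timestamp> <client_ip> <method> <url> <status>`) and the log lines themselves are constructed for the example.

```python
"""Match proxy-log requests and file hashes against the IOCs in this report (added example)."""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report's General and C2 sections.
SAMPLE_HASHES = {
    "md5": "ad92825e2bc4dc8a0402385e1fa515e2",
    "sha1": "8856b18cd5b5c597625c6a4197c764994fe6881d",
    "sha256": "04890f9df740295564e37e6a458fc43f1e9ac7d5a038514cf25510474356b4a8",
}
C2_URLS = [
    "http://kossa.xyz/kl/vz/ri.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_URL_SET = {u.lower() for u in C2_URLS}
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}

# Four of the five C2 URLs end in /fre.php; matching that path on any plain-HTTP
# host is a looser rule that survives domain rotation (expect some false positives).
GATE_PATH = re.compile(r"/fre\.php$", re.IGNORECASE)

# Assumed log format, constructed for this example: "<ts> <client_ip> <method> <url> <status>"
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def classify_request(url):
    """Return why a URL looks like Lokibot C2 traffic, or None if it does not."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if url.lower() in C2_URL_SET:
        return "exact C2 URL"
    if host in C2_HOSTS:
        return "known C2 host"
    if parsed.scheme == "http" and GATE_PATH.search(parsed.path):
        return "Lokibot-style gate path"
    return None


def find_c2_hits(lines):
    """Parse log lines and return a list of hits; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, method, url, status = m.groups()
        reason = classify_request(url)
        if reason:
            hits.append({"ts": ts, "client": client, "method": method,
                         "url": url, "status": int(status), "reason": reason})
    return hits


def lookup_hash(digest):
    """Return which report hash (md5/sha1/sha256) a digest equals, or None."""
    d = digest.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if d == known:
            return algo
    return None


def hash_matches_sample(data):
    """Hash raw file bytes with each reported algorithm and say which ones match."""
    return {algo: hashlib.new(algo, data).hexdigest() == known
            for algo, known in SAMPLE_HASHES.items()}


# Constructed proxy log for the example; these are not real observations.
SAMPLE_LOG = [
    "2024-02-29T13:05:01Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404",
    "2024-02-29T13:05:03Z 10.0.0.15 POST http://alphastand.top/alien/fre.php 200",
    "2024-02-29T13:05:09Z 10.0.0.15 GET http://kossa.xyz/favicon.ico 404",
    "2024-02-29T13:06:10Z 10.0.0.22 POST http://example-cdn.test/stats/fre.php 200",
    "2024-02-29T13:06:11Z 10.0.0.22 GET https://www.example.test/index.html 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"{hit['client']} {hit['method']} {hit['url']} -> {hit['reason']}")
    print(lookup_hash("AD92825E2BC4DC8A0402385E1FA515E2"))
```

Treat the exact-URL and known-host rules as high confidence and the gate-path rule as a hunting lead only: `fre.php` on an otherwise unknown host is worth a look, not an automatic block. A 404 from a C2 (first sample line) still counts as a hit; dead panels are common and the request itself is the evidence of infection.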

Targets

    • Lokibot

      Lokibot is a credential and cryptocurrency-wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is a common step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v15
