General

  • Target

    ad806b1f4cf277ecffdb3c83c1bc7aa8

  • Size

    587KB

  • Sample

    240229-db82sabh27

  • MD5

    ad806b1f4cf277ecffdb3c83c1bc7aa8

  • SHA1

    df861ead314f860f640f9931c7c597603b571d0a

  • SHA256

    533fd8da75df1b1ba32eb92e70fcc930920a8839736e50c043c5df11eed21dd2

  • SHA512

    05907bc7df3e945bb7250fda252bd5d14bf16a789c4df752e8b1c85d78af3638de667a841542d54b31668e0e2815d16e28a7191d6da4338fd44ea9edae711f78

  • SSDEEP

    12288:tzXe9PPlowWX0t6mOQwg1Qd15CcYk0We1rwLsjMi1d6PN54NsLs/ob2k:tahloDX0XOf4Zj11ONSmLs/o1

Malware Config

Extracted

Family

lokibot

C2

http://65.21.223.84/~t/i.html/B0MWbknI2Z7T2

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
