General

  • Target

    221215-mh8h9sfb5w

  • Size

    435KB

  • Sample

    240229-fvzcssee63

  • MD5

    d0685a3e1535e388f7bc2eb4230318d7

  • SHA1

    b5073080b6a4de023015ef3adb6463fa535b71bc

  • SHA256

    1b574a66c84924886daec4841e1b107258e019aaf6f336329ae8fae7cbd52a34

  • SHA512

    72615cdde8ff0673036a850e1a62ae81cc790b6d9a991bfe8f1d3667930c66b7b9ceb2bcde5148a5ca6201a24294d4ecbf2ba6c3b63f92c2de6c4d888a19044a

  • SSDEEP

    6144:BjJCiYRb3lHWJ/AN06K4slx7mpJX9x98qKgZ3zWOlCV3LG50vVzVpTT:79Mb3U/ANDYUXx98jclCV3Li09zDT

Malware Config

Extracted

Family

lokibot

C2

https://efvsx.gq/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      221215-mh8h9sfb5w

    • Size

      435KB

    • MD5

      d0685a3e1535e388f7bc2eb4230318d7

    • SHA1

      b5073080b6a4de023015ef3adb6463fa535b71bc

    • SHA256

      1b574a66c84924886daec4841e1b107258e019aaf6f336329ae8fae7cbd52a34

    • SHA512

      72615cdde8ff0673036a850e1a62ae81cc790b6d9a991bfe8f1d3667930c66b7b9ceb2bcde5148a5ca6201a24294d4ecbf2ba6c3b63f92c2de6c4d888a19044a

    • SSDEEP

      6144:BjJCiYRb3lHWJ/AN06K4slx7mpJX9x98qKgZ3zWOlCV3LG50vVzVpTT:79Mb3U/ANDYUXx98jclCV3Li09zDT

    • Detect ZGRat V1

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks