General

  • Target

    adf92429a79ead247d654690cc9041ee

  • Size

    692KB

  • Sample

    240229-hwhsjshh95

  • MD5

    adf92429a79ead247d654690cc9041ee

  • SHA1

    b34feeec89c5652a3c19b11ff8e9c1f558ed798b

  • SHA256

    e87bcea0f463cfd3ded9b691a6deaa8fc4fee6f0802e981f3da438d475dc5b11

  • SHA512

    6feef56de1d70d83e01640e6d54ab4322947ee91559498ec7d3195eb50a8a766257f41a7f519cf8cbd08d559bd88ec009598821fbcd30b1f7feedc23daf8fe9d

  • SSDEEP

    12288:SBn0RN617gNm5YnXDdRgMVahjLySXJGrwXhHjRlutLMyn6ah3SlTfKCbmv3j:SBn0RNlDdRg6axmSgkXhD6ZMmSpKCbm7

Malware Config

Extracted

Family

lokibot

C2

http://ctp1.xyz/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks