General

  • Target

    vbc.exe.infected

  • Size

    123KB

  • Sample

    240229-jz2v9sbb2v

  • MD5

    d2ce3b2a5f3efb1fcede96304e57a531

  • SHA1

    d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e

  • SHA256

    e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462

  • SHA512

    fd0d0b51000b146049db24ecac27885ff4f688b4e40b42061972d21aaa45f8657437db8f56880f5414f00b5e35febce8a339b1d30bd387f8f11a179b222e828b

  • SSDEEP

    3072:l1NjcVVnLpPunbrclqvVjW/GAk+dOH6yzqwr1O+5ZFy:HNeZmrc+/AkDBzqwwqi

Malware Config

Extracted

Family

lokibot

C2

http://45.133.1.20/oluwa/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      vbc.exe.infected

    • Size

      123KB

    • MD5

      d2ce3b2a5f3efb1fcede96304e57a531

    • SHA1

      d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e

    • SHA256

      e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462

    • SHA512

      fd0d0b51000b146049db24ecac27885ff4f688b4e40b42061972d21aaa45f8657437db8f56880f5414f00b5e35febce8a339b1d30bd387f8f11a179b222e828b

    • SSDEEP

      3072:l1NjcVVnLpPunbrclqvVjW/GAk+dOH6yzqwr1O+5ZFy:HNeZmrc+/AkDBzqwwqi

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      cbgsujmwws.exe

    • Size

      5KB

    • MD5

      f9e42c92e371cedc22c78e2900418651

    • SHA1

      3e99ba4a4a007d2ad1cfa6e3fda91b01a710839d

    • SHA256

      f340bf91627787a2770c897aa9555bb82382cdcc2232904b5707238ab0a85e39

    • SHA512

      7ca0a18f7ae83f0d11d8b33ddca579fb5e5629b5255eebf28b2e256a0b4449f4dee5bdff2ef6f9e1af323a04111a688d9251629ddecb046746978f94d469de05

    • SSDEEP

      96:X5xoZGYXbECrq+M4Ix+MeBZtXIpXSdOWPmoynsx:X5xogYXN24geBZVIpidPPmoyn

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks