General

  • Target

    af4ec0bc13149037006f88effdbd7643

  • Size

    260KB

  • Sample

    240229-ybpncsad8v

  • MD5

    af4ec0bc13149037006f88effdbd7643

  • SHA1

    533a0dddbdc5339a461b419fb12911219dcac119

  • SHA256

    c589ffaa33d14dab47ceff46ff04c32286f4d14f17ddd9c7cf64b1de69525c48

  • SHA512

    c7cb5933e1472991497ae4fc91495ddecfa78ee2447f536891b91e8f6d01f9e9338dc86cdeee9339ed52a66544b685f1062c05647df32c98d6a0ef284acb8b92

  • SSDEEP

    6144:18hySTUMuJfUqMURwSUZdfDNUahafv9O1Fk4mwyE:KySIMuJfUqMURedfDNUX3I1FKL

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks