General

  • Target

    b253da13f9f3d422640c449b96494a5c

  • Size

    231KB

  • Sample

    240304-rg6eqsdb78

  • MD5

    b253da13f9f3d422640c449b96494a5c

  • SHA1

    d181aadef105972d41c55a671575866a7191a307

  • SHA256

    45bf191a26823f2c36d5b1f74d9505c5ea5caca3f61aa4012a03589cd22b3284

  • SHA512

    aa2a9ee1f4b743264b5b20b94caa132f8701a427e621b82de5243d5a520011725752b4ed7959b32c36597ad73a0e7419015786ff73bbd7133dfb59f2942514f9

  • SSDEEP

    6144:NYMyeZIdtCuz/clFaOL7mMGHDVoLvgxVZyfTof4:6dqlFjGH5oExVov

Malware Config

Extracted

Family

lokibot

C2

http://brokenethicalgod.tk/BN22/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
