General

  • Target: 202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76.exe
  • Size: 534KB
  • Sample: 240308-chvbjadd8t
  • MD5: 4a2201003ea6bdfe56c4308d58e37443
  • SHA1: 899db1f1bcc4df37b06365a84502f897882d24ca
  • SHA256: 202bb0c3e66d81f1a6ae9445cb73a640eba568ae43f4078739829facfc6a4a76
  • SHA512: 6c7cddbd1f623a59b2ab674c53d908bdd6071fff5b068a6f40d0263936c680b42c2762fc0ff5e094476bffc65a0845dd4886dc560c0e87bc566de571280b2dfe
  • SSDEEP: 12288:MymXNjZLA2CtTfImso9/lcZb6SiABO+I4Nd:zttTHt863IO+z

Malware Config

Extracted

  • Family: lokibot
  • C2:
      https://sempersim.su/c11/fre.php
      http://kbfvzoboss.bid/alien/fre.php
      http://alphastand.trade/alien/fre.php
      http://alphastand.win/alien/fre.php
      http://alphastand.top/alien/fre.php

Targets

    • Lokibot: Lokibot is a password and cryptocoin wallet stealer.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks