General

  • Target

    bbc32ec2aab0a5855f92d70b0a3d1a24

  • Size

    278KB

  • Sample

    240308-vbcr1sch4y

  • MD5

    bbc32ec2aab0a5855f92d70b0a3d1a24

  • SHA1

    9e19eedff8d44c911d857f174f7298fef364e293

  • SHA256

    e34763cde9e7e9a611842a4f45c67e0afb0f9c9d96697e0cf9db98a3834d20d1

  • SHA512

    4e9ddd6fe61c912b152a9ee182b93f4dcb6482a5ee9f221479cf98114665f8e4cdc8d933a7907212722d9d837451ea6af31d4226e7323f2eff7dca8d24e12f7d

  • SSDEEP

    3072:TyLd7y97xi3gU7ruEDOpdu2jVVf7MW7Rnvo/L1jEfQfCnBFIBHj8dZPOwNVXjzos:OLd7yZOrvGuaoSv0LKLnBfZrNVfs8V

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd11/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
