General

  • Target

    bd14c764ee43bda58dca34b77c472f95

  • Size

    1.0MB

  • Sample

    240309-3ep6hsdg83

  • MD5

    bd14c764ee43bda58dca34b77c472f95

  • SHA1

    d48dfaf46a710a70f09af8eaa3b5857b2ed61b16

  • SHA256

    79142fe47b6634871d61167369e050665c4ee7f868b066510bd64c171cef8525

  • SHA512

    85c1c34a6676fcbf11be8261903fcfa494dbdebe349699bb42e918b7cd6b33a787048ed6f1670a047e2a27f6286d14a5fa48ceb83787545f2b15c0ccac3e54e0

  • SSDEEP

    12288:eTVeKoHZwuKkZJo6dj1Uy3o6XlWzx7AnyaUVKnp:fTHSdk3o6dj1Z3o2WxHahp
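The four digests above identify the sample; a practitioner who receives a file claimed to be this one should reproduce all of them before trusting the rest of the report. The helper below is an added example and not part of the sandbox page: it hashes a stream once for all four algorithms, guesses the algorithm of an unlabelled digest from its length, and compares the result to the report's values. The `b"abc"` inputs in the usage are constructed test data, not the sample.

```python
import hashlib
from typing import Dict, Iterable, Sequence

# Digests copied from the report above. A candidate file must reproduce all four.
REPORT_HASHES: Dict[str, str] = {
    "md5": "bd14c764ee43bda58dca34b77c472f95",
    "sha1": "d48dfaf46a710a70f09af8eaa3b5857b2ed61b16",
    "sha256": "79142fe47b6634871d61167369e050665c4ee7f868b066510bd64c171cef8525",
    "sha512": (
        "85c1c34a6676fcbf11be8261903fcfa494dbdebe349699bb42e918b7cd6b33a7"
        "87048ed6f1670a047e2a27f6286d14a5fa48ceb83787545f2b15c0ccac3e54e0"
    ),
}

# Hex digest length -> algorithm, for feeds that hand out a bare hash with no label.
_ALGORITHM_BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def guess_algorithm(digest: str) -> str:
    """Infer md5/sha1/sha256/sha512 from the hex length of an unlabelled digest."""
    digest = digest.strip().lower()
    if not digest or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a hex digest")
    try:
        return _ALGORITHM_BY_HEX_LENGTH[len(digest)]
    except KeyError:
        raise ValueError(f"unrecognised digest length {len(digest)}") from None


def hashes_of(chunks: Iterable[bytes],
              algorithms: Sequence[str] = ("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Hash a byte stream once, feeding every chunk to all requested algorithms."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through hashes_of() without loading it fully into memory."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return hashes_of(chunks())


def verify(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; comparison is case-insensitive and a missing
    computed digest counts as a mismatch rather than being skipped."""
    return {alg: computed.get(alg, "").lower() == digest.lower()
            for alg, digest in expected.items()}


def is_report_sample(data: bytes) -> bool:
    """True only if every digest in REPORT_HASHES matches the given bytes."""
    return all(verify(hashes_of([data]), REPORT_HASHES).values())


if __name__ == "__main__":
    # Constructed input: b"abc" is obviously not the 1.0MB sample, so every row is False.
    for alg, ok in verify(hashes_of([b"abc"]), REPORT_HASHES).items():
        print(f"{alg:6} {'match' if ok else 'MISMATCH'}")
```

`verify()` deliberately reports each algorithm separately: a file that matches MD5 and SHA1 but not SHA256 is not a weird edge case to paper over, it is a sign that one of the feeds you copied from is wrong or that someone has been playing with collisions, and you want to see which digest disagrees.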

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
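The extracted C2 list is the most directly actionable part of the report: it can be turned into network detections immediately. The script below is an added example, not part of the sandbox page, that derives indicators from the five URLs above and runs them over proxy log lines. The log format (timestamp, client IP, method, URL, status) and the log lines themselves are constructed for the example. Three verdicts are produced: an exact match on a configured URL, any contact with a configured host, and, because every C2 in this config ends in `/fre.php`, a weaker heuristic for a POST to that filename on a host not in the list.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# C2 URLs copied from the extracted configuration above.
C2_URLS = [
    "http://manvim.co/fd5/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Derived indicators: the set of known hosts, and the exact (host, path) pairs.
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_ENDPOINTS = {(urlsplit(u).hostname, urlsplit(u).path) for u in C2_URLS}

# All five URLs above share this gate filename. A POST to it on an unlisted host is
# only a heuristic (other software can use the same name) and is labelled as such.
GATE_PATH_SUFFIX = "/fre.php"

# Constructed proxy log in a hypothetical format:
#   <timestamp> <client-ip> <method> <url> <status>
SAMPLE_LOG = """\
2024-03-09T21:14:02Z 10.0.0.17 POST http://manvim.co/fd5/fre.php 404
2024-03-09T21:14:05Z 10.0.0.17 POST http://kbfvzoboss.bid/alien/fre.php 200
2024-03-09T21:14:09Z 10.0.0.23 GET http://example.com/index.html 200
2024-03-09T21:14:11Z 10.0.0.31 POST http://198.51.100.9/panel/fre.php 200
2024-03-09T21:14:20Z 10.0.0.23 GET http://alphastand.top/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def classify_request(method: str, url: str) -> Optional[str]:
    """Return 'exact', 'host', 'heuristic' or None for a single proxied request."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if (host, parts.path) in C2_ENDPOINTS:
        return "exact"        # the configured C2 URL itself
    if host in C2_HOSTS:
        return "host"         # a configured C2 host, different path
    if method == "POST" and parts.path.endswith(GATE_PATH_SUFFIX):
        return "heuristic"    # same gate filename on a host not in the config
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run classify_request() over every parseable line; unparseable lines are skipped."""
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m["method"], m["url"])
        if verdict:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "url": m["url"], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['verdict']:9} {hit['ts']} {hit['src']} -> {hit['url']}")
```

The HTTP status is parsed but ignored on purpose: the first constructed line gets a 404 because the domain is no longer serving the panel, yet a host attempting to check in to a dead LokiBot C2 is still infected and still needs triage. Host-only hits on the `alphastand.*` domains are worth keeping as separate alerts because the same operators rotate paths between campaigns.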

Targets

    • Target

      bd14c764ee43bda58dca34b77c472f95

    • Size

      1.0MB

    • MD5

      bd14c764ee43bda58dca34b77c472f95

    • SHA1

      d48dfaf46a710a70f09af8eaa3b5857b2ed61b16

    • SHA256

      79142fe47b6634871d61167369e050665c4ee7f868b066510bd64c171cef8525

    • SHA512

      85c1c34a6676fcbf11be8261903fcfa494dbdebe349699bb42e918b7cd6b33a787048ed6f1670a047e2a27f6286d14a5fa48ceb83787545f2b15c0ccac3e54e0

    • SSDEEP

      12288:eTVeKoHZwuKkZJo6dj1Uy3o6XlWzx7AnyaUVKnp:fTHSdk3o6dj1Z3o2WxHahp

    • Lokibot

      Lokibot is an information stealer that harvests saved passwords and cryptocurrency wallet data and posts them to its C2.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Accesses Microsoft Outlook profiles

      Outlook profile data stored in the registry can include mail account settings and stored credentials, a common target for credential stealers.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by loaders to redirect a suspended thread into injected code (process hollowing and similar injection techniques).

MITRE ATT&CK Enterprise v15

Tasks