General

  • Target

    bd36408416f6306a2b58a98d7e55e867

  • Size

    899KB

  • Sample

    240310-ayql6sfg9z

  • MD5

    bd36408416f6306a2b58a98d7e55e867

  • SHA1

    c25dd278af6dee478489f61d5d91ec3fc7a9a948

  • SHA256

    ac78aaf745e196d41a0b64eee16daed139783443a1596011b94d895ae0adfd5b

  • SHA512

    86ae1013e449ad6c03ce536d662c436f6a60ab5cd828ccabdbfc3b518d9fdbff5215509f569ea8b1c82ba0e6e6e499b871c7c93b53d6e81b15014b16abb87a02

  • SSDEEP

    12288:3IpkNxMdAUCHex7PSM4kk8pGp/1b+QFDLlYe1132s332Hx9KvnYaaN2F1Bso8:XJb6KXP8Y9iQ/rvH2fKvnYaaNwY

Malware Config

Extracted

Family

lokibot

C2

http://185.126.202.111/~client/.ku/sj'x.php/Bym9AruFPmuO6

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles
