General

  • Target

    c4be1636416b90739bf31fcdcd07d86d

  • Size

    1.2MB

  • Sample

    240313-cxvkvaad3x

  • MD5

    c4be1636416b90739bf31fcdcd07d86d

  • SHA1

    373fe3871e90067890c4c5fe08a09fbc83915f57

  • SHA256

    c238fb987b9f2749a02c644cf89123f51f8d0bfc6b88cf946effb5f3cf18f8e4

  • SHA512

    46705ebf9933f8d96039bfbc1e54436c3bbf0bc00e8edb2c99c0c43ac30a94414fbdd3920b670ff0f34e5adde4a7310fcbd92a377cb698434bc314cd18fd3fe0

  • SSDEEP

    24576:7ohNBWIOragh1/ha2neSP4KpLuTWV/Nm/y12Nhmi:MqIQagh1jwKpmyYN

Malware Config

Extracted

Family

lokibot

C2

http://65.21.223.84/~t/i.html/crpROu41TGaLY

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
