General

  • Target

    c675b7f3ef62d7ef787ad26dc04b1f05

  • Size

    772KB

  • Sample

    240313-v1t3lacg67

  • MD5

    c675b7f3ef62d7ef787ad26dc04b1f05

  • SHA1

    1be4965818a35698f1220e9a85e60603c3c8d735

  • SHA256

    17d834e57da74a4f66bba8b86e498d191ea46e65bd1a4ace8d23c076a6cb90cf

  • SHA512

    ebb41544ff97fef307193a64499048d60ea1900cbee73553dc7b0447186b772f2a40a7c4d092d387e178f31d7b6bd69dcd7de48ba1ced10f62b8c9efe8e61eb9

  • SSDEEP

    12288:xEsswc45xOCrjV4wkaUWTypdAbvwPezzVD92DduR:xEsswc4zDijafTy/m8edJUs

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://65.21.223.84/~t/i.html/tFOhqWyhkeGEw

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
