General

  • Target

    c7544a9a5848057ac5aae2a2955a4fd9

  • Size

    277KB

  • Sample

    240314-btjthahd68

  • MD5

    c7544a9a5848057ac5aae2a2955a4fd9

  • SHA1

    c725b906e7232f5d29c13331777f28d218ccb470

  • SHA256

    f6a0499fae8d86cbb09b9e9067a562ba08a8a25ba190b7bdbd280566bba001e0

  • SHA512

    c8879acf3e519a704b5e3f552936d73cf2ca64e960f1fe5aba2ef8956fb2a9613b364a5fbd33beb3c4dbe6265795f0f8b6172604ef45d335a3b88624ef253ab9

  • SSDEEP

    6144:+fO+80b3VGt1DPGHt0LKh385ZrNVfs8V:yO+8ol2zG4N2

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
