General

  • Target

    ce85f6ed7367b0ff5b3a2a7c0f03d688

  • Size

    773KB

  • Sample

    240316-t2wgdaef71

  • MD5

    ce85f6ed7367b0ff5b3a2a7c0f03d688

  • SHA1

    13235ccbd9e702ea0fa6f435345bf3a93b47b0cd

  • SHA256

    fdba896912c1dde493e9f989e50defb1a8fed992bb11677f4e5b4bb84e797aea

  • SHA512

    9b257b1ee32469ad9e454e178c925dbb5b8399711617ca0bfc9fc01e749d8ff5af0bfe0d947434fb20c73763c763eeea8a9a0e1ff3e13b3e8485182a7e037311

  • SSDEEP

    12288:5x4FeeJr7uapz/aoSyLGdubJVp5GbjPjF5SN:5x4FhJreoS2pgnPjH

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
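A small IOC matcher for the indicators listed in this report, added here as an example and not part of the sandbox output. It hashes a file with the same four algorithms the report lists and reports which digests match, then scans proxy log lines for the listed C2 hosts. All five C2 paths on this page end in fre.php, so the scanner also reports a weaker, host-independent hit on that path. The log lines and the 192.0.2.10 address are constructed for the example; the SSDEEP hash is left out because matching it needs the non-standard ssdeep library.

```python
"""IOC matcher for the Lokibot sample in this report (added example)."""
import hashlib
from urllib.parse import urlsplit

# Digests exactly as listed in the General section of the report.
REPORT_HASHES = {
    "md5": "ce85f6ed7367b0ff5b3a2a7c0f03d688",
    "sha1": "13235ccbd9e702ea0fa6f435345bf3a93b47b0cd",
    "sha256": "fdba896912c1dde493e9f989e50defb1a8fed992bb11677f4e5b4bb84e797aea",
    "sha512": (
        "9b257b1ee32469ad9e454e178c925dbb5b8399711617ca0bfc9fc01e749d8ff5"
        "af0bfe0d947434fb20c73763c763eeea8a9a0e1ff3e13b3e8485182a7e037311"
    ),
}

# C2 URLs exactly as extracted from the sample's config.
C2_URLS = [
    "http://manvim.co/fd2/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
# 192.0.2.10 is a documentation address, not an indicator from the report.
LOG_LINES = [
    "2024-03-16T12:01:05Z 10.0.0.15 POST http://alphastand.win/alien/fre.php 404",
    "2024-03-16T12:01:07Z 10.0.0.15 GET http://update.example.net/ok.txt 200",
    "2024-03-16T12:02:11Z 10.0.0.23 POST http://192.0.2.10/panel/fre.php 200",
]


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file once through all four hash objects (samples can be large)."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_report(digests: dict) -> set:
    """Return the set of algorithms whose digest equals the report's value.

    A SHA-256 or SHA-512 match identifies the sample; treat an MD5-only match
    with care, since MD5 collisions can be manufactured.
    """
    return {alg for alg, val in REPORT_HASHES.items() if digests.get(alg) == val}


def scan_proxy_log(lines) -> list:
    """Return (line, verdict) pairs for lines that touch a listed C2.

    'c2-host' means the URL host is one of the extracted C2 hosts.
    'c2-path' means only the /fre.php path matched, a weaker heuristic that
    should prompt a look at the destination rather than an automatic block.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the scan
        url = urlsplit(parts[3])
        if url.hostname in C2_HOSTS:
            hits.append((line, "c2-host"))
        elif url.path.endswith("/fre.php"):
            hits.append((line, "c2-path"))
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("hash matches:", sorted(match_report(hash_file(sys.argv[1]))))
    for line, verdict in scan_proxy_log(LOG_LINES):
        print(verdict, line)
```

Run it with a path argument to compare a local file against the report's digests; without one it only scans the constructed log lines.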

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profile data, held in the registry, describes configured mail accounts and can include stored mailbox credentials, which makes it a common infostealer target.

    • Suspicious use of SetThreadContext

      SetThreadContext is the API loaders use to redirect a suspended thread to injected code, so the call is a common marker of process hollowing or injection; check the process tree for a suspended child process the sample wrote to before the call.

MITRE ATT&CK Enterprise v15

Tasks