General

  • Target

    d07fd206bfadd24bc7e4939c7b24e098

  • Size

    327KB

  • Sample

    240317-k8dqgabf4y

  • MD5

    d07fd206bfadd24bc7e4939c7b24e098

  • SHA1

    e829b677f7231c1cf5d544deb6da1a2b2a5bc5ca

  • SHA256

    b236304dad4fcf402b8dddc467038cbaf623284155ccc5671c972f57d238e088

  • SHA512

    830ce2014ebbab8b85a6fa2ec459518b13ea4bb151fbefedb39aef1ff3df2e6d6def4a5ffc84213a4e4e17cb1f1cdc1869d95733a84d7bd471a0b555255f512d

  • SSDEEP

    6144:zYrf0xh3Hfr5YwuLpVvIssmMsvGOBQ5B+e4RYgcEppaL3hdJKCjRX/:8rf0P3HD5YOs3IspR5cEgxFjN

Malware Config

Extracted

Family

lokibot

C2

http://brokenethicalgod.ml/BN11/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
