General

  • Target

    d703bde413e9a4aae516f61c28139aea

  • Size

    256KB

  • Sample

    240319-yypa4sec72

  • MD5

    d703bde413e9a4aae516f61c28139aea

  • SHA1

    b46a928e555f14d0c7ca60dbe0bbaff6b2b53d02

  • SHA256

    accb02587a341ce3758463532ca9d2897d517669404c8c8452b005c8fc573f5e

  • SHA512

    95049c298d2365d5e7491703884788fb1e6e1fe2f88e16ef4aa869ed68f9ea2e851f8bc272f839c3f90dbe2c6553e2891269b5b275ebe8b5d74c31da50df244e

  • SSDEEP

    3072:UTGNb5MV0D7p9HKK9jf5UjfRmdk/yVAhOlk2ve+WTDzMoNzveijUAsCt8dCLlNIe:1TfHhmEk/yVAu4H7zGAlsn+nqQqLQ

Malware Config

Extracted

Family

lokibot

C2

http://apponline354.ir/msn/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks