General

  • Target

    ddc578c1206ae9a6cc0a390b23a6160d

  • Size

    234KB

  • Sample

    240325-mdjdksga8v

  • MD5

    ddc578c1206ae9a6cc0a390b23a6160d

  • SHA1

    5edf32fdd396d8508cc6b0ddc081d346fba0dfe2

  • SHA256

    f044a00226c4d35e96a981d767a51b62e3996ba8303c46aca6154948d67db986

  • SHA512

    3c5eed0f03559dca97c58a95ab4224f03ce5350d25e84c9f3124c24d148f63071cf3d59c55fc323ed2a2835c823c94d77adf11b9d408426c77ff480bae62b566

  • SSDEEP

    3072:n9zg0QIGN1MWF/O5KIOZSgyyWQUJnbnNcRaVdK1dFnArywoOLi6Y36T:a0QRbMQO/OZSnzPNLVdAnRwoOLG36T

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
