General

  • Target

    4faa0f24f8100aac8478d7d90f0b9f2320a81d3fac35e44244c638884352c5b1.exe

  • Size

    96KB

  • Sample

    240509-bwa95sah5t

  • MD5

    2dc4472c7d31c26df08a099d8054a49a

  • SHA1

    c4e13bc38d07910435d459890256f44afd42859f

  • SHA256

    4faa0f24f8100aac8478d7d90f0b9f2320a81d3fac35e44244c638884352c5b1

  • SHA512

    0ad06995cf13eeb83860f3c22831d29c137442826a5cc1e98bb42742f7ed2bbc16e10d8d0daeb4db496e8147e5e85c698e71afe5a0d9234e7a95294c0d5b5033

  • SSDEEP

    1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmd:hSHIG6mQwGmfOQd8YhY0/EKUG

Malware Config

Extracted

Family

lokibot

C2

http://seadrill.top/kelvin/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      4faa0f24f8100aac8478d7d90f0b9f2320a81d3fac35e44244c638884352c5b1.exe

    • Size

      96KB

    • MD5

      2dc4472c7d31c26df08a099d8054a49a

    • SHA1

      c4e13bc38d07910435d459890256f44afd42859f

    • SHA256

      4faa0f24f8100aac8478d7d90f0b9f2320a81d3fac35e44244c638884352c5b1

    • SHA512

      0ad06995cf13eeb83860f3c22831d29c137442826a5cc1e98bb42742f7ed2bbc16e10d8d0daeb4db496e8147e5e85c698e71afe5a0d9234e7a95294c0d5b5033

    • SSDEEP

      1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmd:hSHIG6mQwGmfOQd8YhY0/EKUG

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers

    • Detects executables referencing many file transfer clients. Observed in information stealers

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks