General

  • Target

    18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b.exe

  • Size

    96KB

  • Sample

    240522-rn53jseb55

  • MD5

    659a80455fd775588eb78ceda157f9d8

  • SHA1

    9c3508ac928b3c6158dc7d72e7742d988da8cf3c

  • SHA256

    18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b

  • SHA512

    ed6e3a0e70577b959d9f5dbab94a4de15a3cfedf78522f9631bff9946c5bd2dd0e3dc68bfd555158c47a54e6711bb0910004f94bfb8100f789930b7c4d3be7ed

  • SSDEEP

    1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqcIzmd:hSHIG6mQwGmfOQd8YhY0/E1UG

Malware Config

  • Extracted

    Family

    lokibot

    C2

    http://45.61.137.215/index.php/3b1tenbkyj

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b.exe

    • Size

      96KB

    • MD5

      659a80455fd775588eb78ceda157f9d8

    • SHA1

      9c3508ac928b3c6158dc7d72e7742d988da8cf3c

    • SHA256

      18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b

    • SHA512

      ed6e3a0e70577b959d9f5dbab94a4de15a3cfedf78522f9631bff9946c5bd2dd0e3dc68bfd555158c47a54e6711bb0910004f94bfb8100f789930b7c4d3be7ed

    • SSDEEP

      1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqcIzmd:hSHIG6mQwGmfOQd8YhY0/E1UG

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials: T1552 (1)

    Credentials In Files: T1552.001 (1)

  • Collection

    Data from Local System: T1005 (1)

    Email Collection: T1114 (1)

Tasks