General

  • Target

    3454a09f4f2947a44dbcf91f7aa0714f.bin

  • Size

    477KB

  • Sample

    240529-b7fzrsec92

  • MD5

    ff9a567e05459721cc47b388724a9b7f

  • SHA1

    966b559f7d3f5e002f3164aab38ef66924ddca85

  • SHA256

    2cfea18aa895ddc7d528ff3cee118f793c3f799454f555cb117cf12bd1a474ab

  • SHA512

    9ef5b4c7da86fc252df55566be4c63bf81b0661e08b0e1d7cc3e30b1e5a75a57f35062814b1cd04a1cd153bb14f854937bfb963dffeeffc47127f30f08096317

  • SSDEEP

    12288:QdnqeIDWaDOGSWf8+eSvrzhUFoZA96OcUNzuk0/:QdnzYOGXfZj8Wc6OH1XQ

Malware Config

Extracted

Family

lokibot

C2

http://45.61.137.215/index.php/t?id=090

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      DHL Receipt_20458077822.exe

    • Size

      515KB

    • MD5

      fc82dd607bf8069ac0defcc1cb8d6b38

    • SHA1

      e4e8ffe86a95150190ea0984a6258def94baf231

    • SHA256

      6695845ad86f868589cb2863793a6ede2e84d37ae5aeb9e879e027572d25d8fe

    • SHA512

      a944548df6c16d6f84a7b49994004e408fb0c9b7a4fed4c2a1a7ea911d549377e4bf3a07552aff262fc198697f5c88f58611c0a7e0a3d1ea4c5b38de69327d53

    • SSDEEP

      12288:QuJrYCFd6xtcceSvQmT4REB7PNHdXal7HZsIbHa3dkR:L81xa6vB7jXaAIzGA

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
