General

  • Target

    DHL Invoice_VTER000108453.rar

  • Size

    500KB

  • Sample

    240530-lfbk3sea42

  • MD5

    e6d03b8e0334f9183706d83345831c2e

  • SHA1

    811b0c0f9e0c645b5cee3a087f2b730758102b4e

  • SHA256

    a8fdce264605a73608c1433119110fa6d45e694e2d0ddea1b371b173343e88d5

  • SHA512

    f0813242ef3c8487a05618a66b83d330989b36719e76710a6a7789a19bbf49d757f3af3ca7dd37c84d2546db6209476c735629460da4a94750c26b7ec5bd2c63

  • SSDEEP

    12288:cBITIMhAP/LPQQBcvErVggwkBCgwf6c+vGF2:c6fhALQQmAggwk5wfQ+g

Malware Config

Extracted

Family

lokibot

C2

http://45.61.137.215/index.php/t?id=090

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      DHL Invoice_VTER000108453.exe

    • Size

      575KB

    • MD5

      13093215128bb309d909dfaa49621cec

    • SHA1

      d3d144ec4da53e4210b80a25fc1157b93b272277

    • SHA256

      5882e17147f1a9dd1ed75dddabbd0ce73b9c7bbb7d5fae7075b0177c9f0c3dc4

    • SHA512

      771487345421f0f6b1d4352e8d4d0296f0724348eb98384164a8b5d661e400a561d922761abc98e86fbef9c0c3e16e9741dfb43942be67281427cb00f09e8ec4

    • SSDEEP

      12288:5+gbnFkdJS4VbUYVFYS8zD2fjs7TApbBJ51VdCqjr7RUEzLVYDXEkR:kCFCScbUZSnjs0jLCqjt3w

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
