General

  • Target

    e3fdf94c525545a0968150f151e655a8bb0572563ee038673c96d392664ebfb2N

  • Size

    648KB

  • Sample

    241011-lm2e3swfph

  • MD5

    2ac4a1bc2c4293b3f50e6340be1b0340

  • SHA1

    2fe013360108042010caba3a378ac3decd4309b5

  • SHA256

    e3fdf94c525545a0968150f151e655a8bb0572563ee038673c96d392664ebfb2

  • SHA512

    86dc7f310f28e3f600a91a8f5697251a0cf48b5a7a7fcdb907dd471ac3885d6615b57b48e4505c37a3e67360e881e95f2bec29fca4e65ccaf742767a6f01912a

  • SSDEEP

    1536:IzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:bSHIG6mQwGmfOQd8YhY0/EqUG

Malware Config

Extracted

Family

lokibot

C2

http://pkzz.xyz/PKZ/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
