General

  • Target

    2025-06-30_c7bb4b1f9b6e54e6af6a41576aa1fab5_amadey_elex_smoke-loader

  • Size

    345KB

  • Sample

    250630-tghpsaaj2x

  • MD5

    c7bb4b1f9b6e54e6af6a41576aa1fab5

  • SHA1

    b4ace847321da5623bc8b5288520b77fb0228fa3

  • SHA256

    4854aa6c5d66a64af0c7fe0459b24b62ef9c52f92ae533454a3d82f490ebeaf5

  • SHA512

    9b2f4844d12abb7c3644f284848f21b8158e52c7bf35137ccc94d6460b84bc01d059506715ae8d108c86397bd91c5b5555600b1a21fcc02d15593b500b581399

  • SSDEEP

    6144:i6bdQEt5sZrbeTUJZX/lt+h1npVz/xVj2u13dF5y44toDF/PUuXf:iOdTt55UXX/ltIp9ZMu13dF5y7oDFHU

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/ga13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Lokibot family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
