General
-
Target
9ab847e59a12e75b3e2851298a8f0aa0d79b5865cf03956b65828631dfd3f974.exe
-
Size
1.1MB
-
Sample
200523-983qwvbeja
-
MD5
414a1c0b1a1cbc5e902b619f2b6906c3
-
SHA1
69f04a882ef1317757362792c52de5d02f321440
-
SHA256
9ab847e59a12e75b3e2851298a8f0aa0d79b5865cf03956b65828631dfd3f974
-
SHA512
fee97534ad80f270bde7cbabcd994d4656b1be537ed46a635f879fe9417ca70d17c26f0692b3385fe7874a0bba4c4d983efd639d9d957eba5195dad4b0a67e93
Static task
static1
Behavioral task
behavioral1
Sample
9ab847e59a12e75b3e2851298a8f0aa0d79b5865cf03956b65828631dfd3f974.exe
Resource
win7v200430
Malware Config
Extracted
lokibot
http://zangs.ga/choolee/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-