General
Target: Swift-ref_numberINV08800240620_pdf.exe
Size: 838KB
Sample: 200715-jz1yc4h7cx
MD5: b6fdf5be130ce1b302742fdaa7821a0e
SHA1: 8b4630f1c4db3286e0dcaa87055e41d7f5614fa1
SHA256: 3f2ca61d2cac5d0ffadfebe5fb172860081794be504f21ea99d81373f1dda00f
SHA512: d4f60f029a0e9f7601f1ab11a6784696b59e73a52a387a0645435851f2746feb4ecc14c9ccbe6baf94441903bb8ed75aadd8ddd345f76e2711dba28a6b13fc43
Static task: static1
Behavioral task: behavioral1
Sample: Swift-ref_numberINV08800240620_pdf.exe
Resource: win7
Malware Config
Extracted
lokibot
http://flexpak-th.com/osama/alhaji/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Swift-ref_numberINV08800240620_pdf.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Suspicious use of SetThreadContext
-