General
-
Target
9c355f67f51dabe24a8cd0374af99c91b2d04a5bb26892f3a92eced0f832b35d.exe
-
Size
666KB
-
Sample
201020-ctk5j1d5tx
-
MD5
803e00b7859763aa8ed80d64017358dc
-
SHA1
0e00b841b9b4d333b79c720c6dda6c46dde49fd1
-
SHA256
9c355f67f51dabe24a8cd0374af99c91b2d04a5bb26892f3a92eced0f832b35d
-
SHA512
a91636b1f765cb205ecfbec01cc4174754766a3ca307d6a2cdccdaec10ebb74885ab41274993a1187a2196ae685ec8e1fe1d2bde1272f19c11d3cdb2323528b1
Malware Config
Extracted
lokibot
http://mecharnise.ir/eb2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9c355f67f51dabe24a8cd0374af99c91b2d04a5bb26892f3a92eced0f832b35d.exe
-
Size
666KB
-
MD5
803e00b7859763aa8ed80d64017358dc
-
SHA1
0e00b841b9b4d333b79c720c6dda6c46dde49fd1
-
SHA256
9c355f67f51dabe24a8cd0374af99c91b2d04a5bb26892f3a92eced0f832b35d
-
SHA512
a91636b1f765cb205ecfbec01cc4174754766a3ca307d6a2cdccdaec10ebb74885ab41274993a1187a2196ae685ec8e1fe1d2bde1272f19c11d3cdb2323528b1
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-