General
-
Target
RFQ.xls
-
Size
89KB
-
Sample
201204-czm86245tj
-
MD5
5aefdf6afc1e5eb0d642ad7a0c245088
-
SHA1
ad5a6f0bf5b0a8d4d5efcf33ea5d7ce588921a10
-
SHA256
99cf04b4681e23be9445dd54668231f52276645f4c263e4d2c1c730e7d264303
-
SHA512
560af95d15e22b463f99684147862a7a7486a4662afa0e3c52f31bb42bde31b31992fe6ac74c1f1c1a6854f9f996b6f5203e6fba11fa5a093644d7c9e14dd8ad
Malware Config
Extracted
lokibot
http://104.223.143.21/frilt/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RFQ.xls
-
Size
89KB
-
MD5
5aefdf6afc1e5eb0d642ad7a0c245088
-
SHA1
ad5a6f0bf5b0a8d4d5efcf33ea5d7ce588921a10
-
SHA256
99cf04b4681e23be9445dd54668231f52276645f4c263e4d2c1c730e7d264303
-
SHA512
560af95d15e22b463f99684147862a7a7486a4662afa0e3c52f31bb42bde31b31992fe6ac74c1f1c1a6854f9f996b6f5203e6fba11fa5a093644d7c9e14dd8ad
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-