General
-
Target
569c41122e32d220bfbaf714d360fa6238f44fe15dd398a5b4d2e05a57a02046.zip
-
Size
3.4MB
-
Sample
201205-kdt2tpkz1a
-
MD5
d25ad537258f2839d416370d568c3a91
-
SHA1
efddcc6245321c06ed1b175b331d6fc414069ce3
-
SHA256
05dd55e06c94d36a0b387a36f212dd45f46e78b8394038949fedb9ace9f285d8
-
SHA512
21b728ab0518ea6d464fd05e7ced47476963c8eabef75f589e6e48bbaa6c6af51ea027c2a89aebd20e5a5a45f304088229d1bc6cf7c22a55edf3b0f2332113c3
Malware Config
Extracted
lokibot
http://omann.ir/walex/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3f6324920b3667fdb510031cc0c53cf5dee6374e7db76efd299c6d556c33eb10
-
Size
3.2MB
-
MD5
aa8e24d4aedd6bff11918e3df13f9a1e
-
SHA1
d519c6786c327f5ccee556f9a9aa8fb55690aab2
-
SHA256
3f6324920b3667fdb510031cc0c53cf5dee6374e7db76efd299c6d556c33eb10
-
SHA512
c288fd5cdafb2bcb47129caeb8ff29ae75dbd33f931003ac8a265f4a84f771d1fed6d3e0bd38933a1918c71e0f95d9cb9fea455df93c5c25660d138d141244e1
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
569c41122e32d220bfbaf714d360fa6238f44fe15dd398a5b4d2e05a57a02046
-
Size
272KB
-
MD5
024cf2c94c771fffe32ec010d9fb786b
-
SHA1
028a67f1e497b2eede0a357a30bfd63dc7acaacb
-
SHA256
569c41122e32d220bfbaf714d360fa6238f44fe15dd398a5b4d2e05a57a02046
-
SHA512
9724f44a8e7e8fdd67570afc3e14c52062f378a4e9d4e5ce3d87cc848cf43394ae583e478739b20a26cfbde5a1da01ce3346c18861e663e9d19157c27b514324
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-