General
-
Target
CLIDSXX.exe
-
Size
1.0MB
-
Sample
210111-j4t6mckfb6
-
MD5
d684fa1626b63d9a17c8818a63a23975
-
SHA1
58b118874ca88dc269d7345fa84fb33e3e42aab7
-
SHA256
02944dc72a15e92ec94c453c74c9564cb59ac7717dffcb25fa854a2e587fb737
-
SHA512
5f3a889a73b8ace63b9d48518871a0effb65d3581d4fce0bea28576ffdccef6a5d4f8d974f87bf6047ea514748ed88f52572eea8053b4bf4e17e373725ade20b
Malware Config
Extracted
lokibot
http://worldpackmx.com/fretyuil/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
CLIDSXX.exe
-
Size
1.0MB
-
MD5
d684fa1626b63d9a17c8818a63a23975
-
SHA1
58b118874ca88dc269d7345fa84fb33e3e42aab7
-
SHA256
02944dc72a15e92ec94c453c74c9564cb59ac7717dffcb25fa854a2e587fb737
-
SHA512
5f3a889a73b8ace63b9d48518871a0effb65d3581d4fce0bea28576ffdccef6a5d4f8d974f87bf6047ea514748ed88f52572eea8053b4bf4e17e373725ade20b
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-