General
-
Target
facturas y datos bancarios.PDF____________.bat
-
Size
664KB
-
Sample
210113-x5pvv4nczx
-
MD5
edc929ade67a1bcc92d93e2c52a20d5e
-
SHA1
767689f6e4054a3d80ceafc666882dc0a4f1abb8
-
SHA256
c7165e922003e02118c0d79ab82e5e63c430cf63f41252ad9f968cb7fe3078b9
-
SHA512
2c0cf84126624b469b4a51fff81b4a03f8b493d587eae163e1daf46e16625da56db3153a22725121cc8fafb81b1e3333d9c190ea42ba9afc726fa8faeb1b3ad9
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/dklX59XNxRkB6
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
facturas y datos bancarios.PDF____________.bat
-
Size
664KB
-
MD5
edc929ade67a1bcc92d93e2c52a20d5e
-
SHA1
767689f6e4054a3d80ceafc666882dc0a4f1abb8
-
SHA256
c7165e922003e02118c0d79ab82e5e63c430cf63f41252ad9f968cb7fe3078b9
-
SHA512
2c0cf84126624b469b4a51fff81b4a03f8b493d587eae163e1daf46e16625da56db3153a22725121cc8fafb81b1e3333d9c190ea42ba9afc726fa8faeb1b3ad9
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-