General
-
Target
Documentos de pago.PDF.bat
-
Size
785KB
-
Sample
210113-xz1sc9glds
-
MD5
3f09920e886cc97941e5f583df1f748e
-
SHA1
ce884a421722073936438dfea755547674c6b003
-
SHA256
a34d721f2e55cfaf7913b4a5805cc1be6becb6f4bb61875b8d7f7d60c23b3e29
-
SHA512
e9d151593b3f4d32c60fe7308a01d7c26756d10ecd805d7aa6cd64ef623a7864e0254dcfeea22a0b55ead122c1b36b9a6315185362142b53e9ccd68efef8fab1
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/qElaNgWyezEFV
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Documentos de pago.PDF.bat
-
Size
785KB
-
MD5
3f09920e886cc97941e5f583df1f748e
-
SHA1
ce884a421722073936438dfea755547674c6b003
-
SHA256
a34d721f2e55cfaf7913b4a5805cc1be6becb6f4bb61875b8d7f7d60c23b3e29
-
SHA512
e9d151593b3f4d32c60fe7308a01d7c26756d10ecd805d7aa6cd64ef623a7864e0254dcfeea22a0b55ead122c1b36b9a6315185362142b53e9ccd68efef8fab1
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-