General
-
Target
MT2020101400000000000000000000000000000000000000.exe
-
Size
38.0MB
-
Sample
210114-f8z5vh28ln
-
MD5
af4e14dc0a0735b10083f49271955abe
-
SHA1
a1f05b2bffe0421e2f6b2481ce7368116d5ceb90
-
SHA256
09d8ccb0c15957c273c7c7dfdc4c520b80eeec8b5e6956178aafa43e6f694e39
-
SHA512
2430dd17e0de00a0a962fe9a06d40cc7448fe8bd653845b1e71557f3f0743c3f624cd4f1347a4e5e3eea35bd2cc1b46fb55b3321ef272541bcaeb57265669c20
Malware Config
Extracted
lokibot
http://becharnise.ir/fox/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
MT2020101400000000000000000000000000000000000000.exe
-
Size
38.0MB
-
MD5
af4e14dc0a0735b10083f49271955abe
-
SHA1
a1f05b2bffe0421e2f6b2481ce7368116d5ceb90
-
SHA256
09d8ccb0c15957c273c7c7dfdc4c520b80eeec8b5e6956178aafa43e6f694e39
-
SHA512
2430dd17e0de00a0a962fe9a06d40cc7448fe8bd653845b1e71557f3f0743c3f624cd4f1347a4e5e3eea35bd2cc1b46fb55b3321ef272541bcaeb57265669c20
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-