General
-
Target
TNT Original Invoice.exe
-
Size
858KB
-
Sample
210115-h16bstdpaa
-
MD5
5c7188426a084631737fc8792926945e
-
SHA1
3f9548fca35c6439b2f9ecc621cfb98c2be6ebc2
-
SHA256
f58cdcc753abc5e59a1d6367b421517b89992a43b41b9bccdb277ef69de4d6b0
-
SHA512
97e4a513fa6bdceff46c012efb1cb74906fa3ac94903107594c0a436d6b815f15d57588113ad7917d56a2ff6e5adc96fd3f2233bc53e34ee751b1b53e1cfa4e1
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/cfOoZYb0LXPms
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
TNT Original Invoice.exe
-
Size
858KB
-
MD5
5c7188426a084631737fc8792926945e
-
SHA1
3f9548fca35c6439b2f9ecc621cfb98c2be6ebc2
-
SHA256
f58cdcc753abc5e59a1d6367b421517b89992a43b41b9bccdb277ef69de4d6b0
-
SHA512
97e4a513fa6bdceff46c012efb1cb74906fa3ac94903107594c0a436d6b815f15d57588113ad7917d56a2ff6e5adc96fd3f2233bc53e34ee751b1b53e1cfa4e1
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-