General
-
Target
e2ca1d708de42fa96bf9f6b4ae7059af755ad2b694bc91f59b4e696ddf6a81fb.exe
-
Size
1.1MB
-
Sample
210115-hv5lcdaqfx
-
MD5
f8938b5c44ddb8c25bf1c976a6d2b627
-
SHA1
d356067d79d709e25b7b5aefcc8fd5e8b9c5f342
-
SHA256
e2ca1d708de42fa96bf9f6b4ae7059af755ad2b694bc91f59b4e696ddf6a81fb
-
SHA512
00898e944b2dfc1c61c2bfd066107364ecff4e03fae613fd4b1e8771e229659b4282cac1f88a26c16d57ee49472688f28c7fb16ce2458b56f9d9b36c11c53bd7
Malware Config
Extracted
lokibot
http://51.195.53.221/p.php/cfOoZYb0LXPms
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e2ca1d708de42fa96bf9f6b4ae7059af755ad2b694bc91f59b4e696ddf6a81fb.exe
-
Size
1.1MB
-
MD5
f8938b5c44ddb8c25bf1c976a6d2b627
-
SHA1
d356067d79d709e25b7b5aefcc8fd5e8b9c5f342
-
SHA256
e2ca1d708de42fa96bf9f6b4ae7059af755ad2b694bc91f59b4e696ddf6a81fb
-
SHA512
00898e944b2dfc1c61c2bfd066107364ecff4e03fae613fd4b1e8771e229659b4282cac1f88a26c16d57ee49472688f28c7fb16ce2458b56f9d9b36c11c53bd7
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
NetWire RAT payload
-
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-