General
-
Target
684e2e17f92d3a89e7251185582b357c796421e95bd4060e9e01fe667c6aab85.exe
-
Size
13.0MB
-
Sample
210118-v3h3vwzh8s
-
MD5
f5a94ac63f20aee699cb978229861b09
-
SHA1
2f6542a7b3e84285b9511d040e2b1a8e2dab7b5b
-
SHA256
684e2e17f92d3a89e7251185582b357c796421e95bd4060e9e01fe667c6aab85
-
SHA512
42f0cab90cabbb1db7f82d3a8b69aaee2cbf21369bcde31bbcf0e7f306fd8abc42570407e035be578baa20a72f7b3246d7cab2740d7c6c193a54b15d9d586f16
Malware Config
Extracted
lokibot
http://208.70.248.230/ty/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
684e2e17f92d3a89e7251185582b357c796421e95bd4060e9e01fe667c6aab85.exe
-
Size
13.0MB
-
MD5
f5a94ac63f20aee699cb978229861b09
-
SHA1
2f6542a7b3e84285b9511d040e2b1a8e2dab7b5b
-
SHA256
684e2e17f92d3a89e7251185582b357c796421e95bd4060e9e01fe667c6aab85
-
SHA512
42f0cab90cabbb1db7f82d3a8b69aaee2cbf21369bcde31bbcf0e7f306fd8abc42570407e035be578baa20a72f7b3246d7cab2740d7c6c193a54b15d9d586f16
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-