General
-
Target
606e962ab5babddf8616a2e9596d0312fae466cc2529dca4ab5f44d0f4863902.exe
-
Size
875KB
-
Sample
210122-dgrbp3rqka
-
MD5
ee3d3372977f96a7eb777e7cb1a49517
-
SHA1
d57cb7e62bed15d778e026ed0b8af9fa38be951f
-
SHA256
606e962ab5babddf8616a2e9596d0312fae466cc2529dca4ab5f44d0f4863902
-
SHA512
98daffb5261938a9b1fe5e4a45e77077a27de31527a7a5c396c3b1b1bd7c44e6804de3461d9e366c87534f49aaf351466c2082163f47c7f9166810550ba4ec4f
Malware Config
Extracted
lokibot
http://zunlen.com/kin/kin4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
606e962ab5babddf8616a2e9596d0312fae466cc2529dca4ab5f44d0f4863902.exe
-
Size
875KB
-
MD5
ee3d3372977f96a7eb777e7cb1a49517
-
SHA1
d57cb7e62bed15d778e026ed0b8af9fa38be951f
-
SHA256
606e962ab5babddf8616a2e9596d0312fae466cc2529dca4ab5f44d0f4863902
-
SHA512
98daffb5261938a9b1fe5e4a45e77077a27de31527a7a5c396c3b1b1bd7c44e6804de3461d9e366c87534f49aaf351466c2082163f47c7f9166810550ba4ec4f
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-