General
-
Target
RvpOjGNoeUrU5YI.exe
-
Size
1.1MB
-
Sample
210624-rffsrt3v6s
-
MD5
40898897810b8ed4004003c936ac40ee
-
SHA1
f7ce06775d627c33e53d2fe49b0dc61dc6e2f8b6
-
SHA256
146895757ccfcc5080a9b371aade4468d1fc0c85accb4d907f6be49927c6d2c3
-
SHA512
fd8bb723ff16c45ebe70ff2f36fc7ea5818e44f8eb02cb114f3e24a6f714ac23e050eee060f809ae5f316cd568e6e3c551fe89aa304a3f0380b58be49c180666
Malware Config
Extracted
lokibot
http://63.141.228.141/32.php/3LJAZguIGMmJV
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RvpOjGNoeUrU5YI.exe
-
Size
1.1MB
-
MD5
40898897810b8ed4004003c936ac40ee
-
SHA1
f7ce06775d627c33e53d2fe49b0dc61dc6e2f8b6
-
SHA256
146895757ccfcc5080a9b371aade4468d1fc0c85accb4d907f6be49927c6d2c3
-
SHA512
fd8bb723ff16c45ebe70ff2f36fc7ea5818e44f8eb02cb114f3e24a6f714ac23e050eee060f809ae5f316cd568e6e3c551fe89aa304a3f0380b58be49c180666
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-