General
-
Target
Cotización.pdf.exe
-
Size
1.1MB
-
Sample
210721-jma3epw3p2
-
MD5
c3412fee75b0f8758ea9905930ec2f34
-
SHA1
e9245aba2ee62a7baffbccb725bca4bc0fd0302e
-
SHA256
a978c99ada8c0272b0670865cdecc324d883304d54f2e90ea829891183b3aaa9
-
SHA512
65cbf40e4d180dcd0595ab33521bc32fae6587ba60edc0114d2d0afc5bb4773a9153895e36d7675d7d187feba6ef76b2992d97b6bfc4838202fc395cd46b8a5e
Malware Config
Extracted
lokibot
https://zamloki.xyz/des/co/tox.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Cotización.pdf.exe
-
Size
1.1MB
-
MD5
c3412fee75b0f8758ea9905930ec2f34
-
SHA1
e9245aba2ee62a7baffbccb725bca4bc0fd0302e
-
SHA256
a978c99ada8c0272b0670865cdecc324d883304d54f2e90ea829891183b3aaa9
-
SHA512
65cbf40e4d180dcd0595ab33521bc32fae6587ba60edc0114d2d0afc5bb4773a9153895e36d7675d7d187feba6ef76b2992d97b6bfc4838202fc395cd46b8a5e
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-