General
Target: 871fa4ba1f0c569a5e3eecc4580b37039a5ba0ea1b07435b881e021ec7532785.exe
Size: 570KB
Sample: 210726-xsgzpcsjqx
MD5: 6e6cdfa369b1182d7a499bea719dbff7
SHA1: 68fb26d866144f37f829674713a639948684b7b1
SHA256: 871fa4ba1f0c569a5e3eecc4580b37039a5ba0ea1b07435b881e021ec7532785
SHA512: d94e8d5b57abcb6c919807370d7c946a5a99f34c1fe1ff5558d9877bba7bcb955df0630a6054a70d19709cb44df63b264ba2fed83c475603df1e66e004ff32f2
Static task: static1
Behavioral task: behavioral1
Sample: 871fa4ba1f0c569a5e3eecc4580b37039a5ba0ea1b07435b881e021ec7532785.exe
Resource: win7v20210410
Malware Config
Extracted
lokibot
http://lushbb.xyz/mtk2/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Suspicious use of SetThreadContext