General
-
Target
aDjBsDXAbSDNi5L.exe
-
Size
428KB
-
Sample
211025-m99kmsghfm
-
MD5
d3653513a4ecdc767beabeb00ad5e98b
-
SHA1
4bc86b0ce232029b9bb9c3d3575cbcec6661a518
-
SHA256
a735a8c9c8454d659554337201d4e401e02df5bb79a921b1a4c25e40f84f1506
-
SHA512
3b0aa6846347e370b3eb7f262eb6c7b8211cbec84352c8c2c7cd95b7d606dfbbf926d114a9e479809db2ad84a1331a437e302c42a2bfbfdb675d22479f502ff0
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=6446112
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
aDjBsDXAbSDNi5L.exe
-
Size
428KB
-
MD5
d3653513a4ecdc767beabeb00ad5e98b
-
SHA1
4bc86b0ce232029b9bb9c3d3575cbcec6661a518
-
SHA256
a735a8c9c8454d659554337201d4e401e02df5bb79a921b1a4c25e40f84f1506
-
SHA512
3b0aa6846347e370b3eb7f262eb6c7b8211cbec84352c8c2c7cd95b7d606dfbbf926d114a9e479809db2ad84a1331a437e302c42a2bfbfdb675d22479f502ff0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-