General
-
Target
46c0206c8937107e15c3cab2aa462e93.exe
-
Size
274KB
-
Sample
211029-f114kshdbn
-
MD5
46c0206c8937107e15c3cab2aa462e93
-
SHA1
39b4646cfd8501cb64435ccc891cd9629194d146
-
SHA256
0aa08d86a002c9ae17de017777dbbe5704c31ab2351737244c11d2aac1a5ff0d
-
SHA512
1963d3ecafc97a5921104db3db33d8b8c18ce37b13700d1c95c655cb247706294c5ebb0eb3f8e42d47c28189482e43394630f4ea8c889b5212a90b879bafb4ad
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=719442
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
46c0206c8937107e15c3cab2aa462e93.exe
-
Size
274KB
-
MD5
46c0206c8937107e15c3cab2aa462e93
-
SHA1
39b4646cfd8501cb64435ccc891cd9629194d146
-
SHA256
0aa08d86a002c9ae17de017777dbbe5704c31ab2351737244c11d2aac1a5ff0d
-
SHA512
1963d3ecafc97a5921104db3db33d8b8c18ce37b13700d1c95c655cb247706294c5ebb0eb3f8e42d47c28189482e43394630f4ea8c889b5212a90b879bafb4ad
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-