General
-
Target
Purchase Order (po) 2112 #.arj
-
Size
305KB
-
Sample
211029-xs8l5aafaq
-
MD5
7331e41a635411e0ea674c30ba3e3fb8
-
SHA1
9dfe332f2662a0221681e829dba12cc1a5563d0d
-
SHA256
94557fa7e1969b0827e38aa4d5155f03f18f2e4a46431a834c0c91e4421415c4
-
SHA512
79866c5aee730befd49302098ea8097f7e2e4812d834c7b3fba909bb5b849b816fe7260b94e6919dc71157479bba6afee99ee143723f35551a409790c47e55cd
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=5905725
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Purchase Order (po) 2112 #.exe
-
Size
311KB
-
MD5
60942264e004e7b35c10771a7554ad62
-
SHA1
933c1e3a5835f080fd859f02f4bdfd43fac8e26d
-
SHA256
19728ca65d7388178ee03319761b50c885097271276fdd1a7bfd2f9305373d43
-
SHA512
c98f2c36094d10c7c744be52e323584e1f4a2128d2ae063a792d2904accca51ae9dc814f43baff87f5f258e68b10c8f749184bc789e354f73d402be6a6453e43
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-