General
-
Target
fb58486744862437fbcbe4acc9cce0fc5727e253686ad0e495c82e827017c99c.exe
-
Size
528KB
-
Sample
211202-n9vxxsfhbr
-
MD5
690b6e21fea73fa4bb6b1984957d2342
-
SHA1
c63aa497e85d9093a01c70486b3c99826c70074c
-
SHA256
fb58486744862437fbcbe4acc9cce0fc5727e253686ad0e495c82e827017c99c
-
SHA512
0f4481f272d0977b6822f6909088870346e1d37a614e4cc478349257345d26e40048adba65c2cb8214d67edda1cb2ddc8e236ee3446a92d015d195709ee2b1fc
Malware Config
Extracted
lokibot
http://secure01-redirect.net/gb17/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
fb58486744862437fbcbe4acc9cce0fc5727e253686ad0e495c82e827017c99c.exe
-
Size
528KB
-
MD5
690b6e21fea73fa4bb6b1984957d2342
-
SHA1
c63aa497e85d9093a01c70486b3c99826c70074c
-
SHA256
fb58486744862437fbcbe4acc9cce0fc5727e253686ad0e495c82e827017c99c
-
SHA512
0f4481f272d0977b6822f6909088870346e1d37a614e4cc478349257345d26e40048adba65c2cb8214d67edda1cb2ddc8e236ee3446a92d015d195709ee2b1fc
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-