General
-
Target
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06.exe
-
Size
527KB
-
Sample
211204-abpflahegq
-
MD5
6e9d0244c9fe8f7886c85b1ee6457a57
-
SHA1
0b46ba43e7864d02502a54e3d638a1bd5f950e77
-
SHA256
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06
-
SHA512
683baa48c9de850f9374a33767d748526a78daf63ef373e0fc8f2d1ae3e336cb8ef78f47f688b9d6eef16627454e14c783baae2407c46cd6a4a949751a3f6819
Malware Config
Extracted
lokibot
http://exinmbakala.xyz/abu/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06.exe
-
Size
527KB
-
MD5
6e9d0244c9fe8f7886c85b1ee6457a57
-
SHA1
0b46ba43e7864d02502a54e3d638a1bd5f950e77
-
SHA256
a852767012d33e903f2c89250083962d52dffc8b8575462634630fb806d73a06
-
SHA512
683baa48c9de850f9374a33767d748526a78daf63ef373e0fc8f2d1ae3e336cb8ef78f47f688b9d6eef16627454e14c783baae2407c46cd6a4a949751a3f6819
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-