General
-
Target
5d292d4801d37591a78cc668219f7a7279a830fbbe01dd8e4bbe4a8a7d43f127.exe
-
Size
1.0MB
-
Sample
211206-papsasgha5
-
MD5
f1d22e527253f4cd87eb490df707ba00
-
SHA1
c0cfb5fdf1ef8eec7cb7f0a753391e768bacb8fd
-
SHA256
5d292d4801d37591a78cc668219f7a7279a830fbbe01dd8e4bbe4a8a7d43f127
-
SHA512
246467627447e89202e939e1890bfaf7da4b626aef5706f3688eea6842cc8423949409a5409069f958466679c251517627d57834d4114b94524d79a146cb1827
Malware Config
Extracted
lokibot
http://195.133.18.144/main/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
5d292d4801d37591a78cc668219f7a7279a830fbbe01dd8e4bbe4a8a7d43f127.exe
-
Size
1.0MB
-
MD5
f1d22e527253f4cd87eb490df707ba00
-
SHA1
c0cfb5fdf1ef8eec7cb7f0a753391e768bacb8fd
-
SHA256
5d292d4801d37591a78cc668219f7a7279a830fbbe01dd8e4bbe4a8a7d43f127
-
SHA512
246467627447e89202e939e1890bfaf7da4b626aef5706f3688eea6842cc8423949409a5409069f958466679c251517627d57834d4114b94524d79a146cb1827
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Downloads MZ/PE file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-