General
-
Target
33e915c5057bbb6481b2d492d1bde0ed.exe
-
Size
281KB
-
Sample
220223-qc8tmabedr
-
MD5
33e915c5057bbb6481b2d492d1bde0ed
-
SHA1
61c5cb98ab708ad84cb367db83df804ff651918e
-
SHA256
1960cdd2c85eb563f15831012f4afe994ed4da25091b6d89b81563d5217a4484
-
SHA512
05dd3071aa006a3bc86f22953bf96f01bb6d286e1cbc20d2c946dab0c9c7f9cff977816a80b930a889d9bcbe9115b4b06e3ffa6dbdbe2c4e2581c34ca30e7bb5
Malware Config
Extracted
lokibot
http://brokenskulltechnologies.tk/BN1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
33e915c5057bbb6481b2d492d1bde0ed.exe
-
Size
281KB
-
MD5
33e915c5057bbb6481b2d492d1bde0ed
-
SHA1
61c5cb98ab708ad84cb367db83df804ff651918e
-
SHA256
1960cdd2c85eb563f15831012f4afe994ed4da25091b6d89b81563d5217a4484
-
SHA512
05dd3071aa006a3bc86f22953bf96f01bb6d286e1cbc20d2c946dab0c9c7f9cff977816a80b930a889d9bcbe9115b4b06e3ffa6dbdbe2c4e2581c34ca30e7bb5
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-