General
-
Target
e274d019488590ec7724946a1e20f4d4eb50b82413c72e0c1c88ac321af126f7
-
Size
587KB
-
Sample
220415-beb54sfdfr
-
MD5
7f69debea9008e63b051c8961e521406
-
SHA1
36284716a8d57767523c7b549570ad823c8739d0
-
SHA256
e274d019488590ec7724946a1e20f4d4eb50b82413c72e0c1c88ac321af126f7
-
SHA512
0b7c92f9d4e2c4f350e4f7de52caa410e702bbbc9c3ca3da2c69d6811dde41132f0f83ae34db396f5940cf8c79c231f84338b8a934c162194b413247f341fca8
Malware Config
Extracted
lokibot
http://oziltestfw.ml/officem10/logs/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e274d019488590ec7724946a1e20f4d4eb50b82413c72e0c1c88ac321af126f7
-
Size
587KB
-
MD5
7f69debea9008e63b051c8961e521406
-
SHA1
36284716a8d57767523c7b549570ad823c8739d0
-
SHA256
e274d019488590ec7724946a1e20f4d4eb50b82413c72e0c1c88ac321af126f7
-
SHA512
0b7c92f9d4e2c4f350e4f7de52caa410e702bbbc9c3ca3da2c69d6811dde41132f0f83ae34db396f5940cf8c79c231f84338b8a934c162194b413247f341fca8
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Meta Stealer Stealer
Meta Stealer steals passwords stored in browsers, written in C++.
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-