General
-
Target
434e76f577ffcd5513d95da9adce03abd7eacd4dfe4ff8c320d9a8fe18b0c380.exe
-
Size
208KB
-
Sample
220514-q5h4nshhf8
-
MD5
e647eb555d9cabaf7997da05d2195ad0
-
SHA1
ee2add1f7c0bacf5b539f57ace0e66e3213954a1
-
SHA256
434e76f577ffcd5513d95da9adce03abd7eacd4dfe4ff8c320d9a8fe18b0c380
-
SHA512
692635cc4681bd42de805efa9626726d8e14e8dadf108ca696402666f43ca8c78f516bebd3df696b19d2c18a0dac025199d2fa8b7dea3fee830cc21c12ebb63b
Malware Config
Extracted
lokibot
http://vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
434e76f577ffcd5513d95da9adce03abd7eacd4dfe4ff8c320d9a8fe18b0c380.exe
-
Size
208KB
-
MD5
e647eb555d9cabaf7997da05d2195ad0
-
SHA1
ee2add1f7c0bacf5b539f57ace0e66e3213954a1
-
SHA256
434e76f577ffcd5513d95da9adce03abd7eacd4dfe4ff8c320d9a8fe18b0c380
-
SHA512
692635cc4681bd42de805efa9626726d8e14e8dadf108ca696402666f43ca8c78f516bebd3df696b19d2c18a0dac025199d2fa8b7dea3fee830cc21c12ebb63b
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-