General
-
Target
0160e6f20b6dd8840c7cc06c1b7182b42cd711181270f70419f7df38d62c9304.exe
-
Size
178KB
-
Sample
220514-q5j1zacchk
-
MD5
9eb9e0b2d312768914016744d9361751
-
SHA1
d64d4932a27f2dec2119297dcb9536ad1c1e2bf3
-
SHA256
0160e6f20b6dd8840c7cc06c1b7182b42cd711181270f70419f7df38d62c9304
-
SHA512
ad70ecb3d1382907e952917fb221c6b0d28247f43b6a82155528ac45d3fe6065da4a0e98663914297dd1d28eaa5e2838d0df420e5ddb94d5040aae1a845799e0
Malware Config
Extracted
lokibot
http://hyatqfuh9olahvxf.gq/BN3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0160e6f20b6dd8840c7cc06c1b7182b42cd711181270f70419f7df38d62c9304.exe
-
Size
178KB
-
MD5
9eb9e0b2d312768914016744d9361751
-
SHA1
d64d4932a27f2dec2119297dcb9536ad1c1e2bf3
-
SHA256
0160e6f20b6dd8840c7cc06c1b7182b42cd711181270f70419f7df38d62c9304
-
SHA512
ad70ecb3d1382907e952917fb221c6b0d28247f43b6a82155528ac45d3fe6065da4a0e98663914297dd1d28eaa5e2838d0df420e5ddb94d5040aae1a845799e0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-