General
-
Target
0728b4bdf11dbf9da1c04ad542981e9bc44e313747bf5b86dccc15ca7f8dc927.exe
-
Size
207KB
-
Sample
220514-q5jefahhf9
-
MD5
0af7fbb3b5a2a7059555859c4c1db8f9
-
SHA1
67e96d488538213b16c6c0c599648437a176039a
-
SHA256
0728b4bdf11dbf9da1c04ad542981e9bc44e313747bf5b86dccc15ca7f8dc927
-
SHA512
3a2174b9930aab109cba7fba398dca4f4f99bd1fe6a96f6b954bc3d49a9cb2e3e17cf5cbc33d363722f41aabf7e71515b28fa752617c0e882f4e3c6ff1226f5c
Malware Config
Extracted
lokibot
http://62.197.136.176/liyan/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0728b4bdf11dbf9da1c04ad542981e9bc44e313747bf5b86dccc15ca7f8dc927.exe
-
Size
207KB
-
MD5
0af7fbb3b5a2a7059555859c4c1db8f9
-
SHA1
67e96d488538213b16c6c0c599648437a176039a
-
SHA256
0728b4bdf11dbf9da1c04ad542981e9bc44e313747bf5b86dccc15ca7f8dc927
-
SHA512
3a2174b9930aab109cba7fba398dca4f4f99bd1fe6a96f6b954bc3d49a9cb2e3e17cf5cbc33d363722f41aabf7e71515b28fa752617c0e882f4e3c6ff1226f5c
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-