General
-
Target
e06081aedcfc5f44b0ccde2ac1a13f287ed6533f74ca5fa050e174e5774140c2.exe
-
Size
178KB
-
Sample
220514-q5jp7sccgn
-
MD5
76f60d8b7e3ff84e6f804f5bda945117
-
SHA1
9b80a0b687c3d6af052df852a0036126c18b7cf6
-
SHA256
e06081aedcfc5f44b0ccde2ac1a13f287ed6533f74ca5fa050e174e5774140c2
-
SHA512
ae533d9eefcce95fcc975b1ff4b512a25e34bc5eab9cd25af27f72985f6ad1e58bc5c768c210055d3016384274528620bc6f7fec18dde3497bd2d03957752e68
Malware Config
Extracted
lokibot
http://62.197.136.176/tmglobal/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e06081aedcfc5f44b0ccde2ac1a13f287ed6533f74ca5fa050e174e5774140c2.exe
-
Size
178KB
-
MD5
76f60d8b7e3ff84e6f804f5bda945117
-
SHA1
9b80a0b687c3d6af052df852a0036126c18b7cf6
-
SHA256
e06081aedcfc5f44b0ccde2ac1a13f287ed6533f74ca5fa050e174e5774140c2
-
SHA512
ae533d9eefcce95fcc975b1ff4b512a25e34bc5eab9cd25af27f72985f6ad1e58bc5c768c210055d3016384274528620bc6f7fec18dde3497bd2d03957752e68
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-