General
-
Target
a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935.exe
-
Size
178KB
-
Sample
220514-q5jp7shhh3
-
MD5
2c24fa42140a8a16f3777173a2d3f0ab
-
SHA1
a11c097a2317d636ee095ccb94ee9d6c96934eda
-
SHA256
a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935
-
SHA512
267151d9b75fd3976f55a2119c4218960d89e351afea397eb34877ae1ff9d5c3fb1d094875b695b6ce509b59acf619a18e2a3a97673fd5a15b520635e211494c
Malware Config
Extracted
lokibot
http://sempersim.su/gf17/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935.exe
-
Size
178KB
-
MD5
2c24fa42140a8a16f3777173a2d3f0ab
-
SHA1
a11c097a2317d636ee095ccb94ee9d6c96934eda
-
SHA256
a9ffbe69538bcd014f6c7b1606c3df5781d369cf4386240ab1a788e9a2f99935
-
SHA512
267151d9b75fd3976f55a2119c4218960d89e351afea397eb34877ae1ff9d5c3fb1d094875b695b6ce509b59acf619a18e2a3a97673fd5a15b520635e211494c
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-