General
-
Target
9235243d6dca0bb2bdad8abc90ebb549d4e08a0e2a9b73298d879866b0cb717e
-
Size
398KB
-
Sample
220521-myqy6acfg7
-
MD5
95c7020eec777396a224712e7d96aa99
-
SHA1
138765c0c2e1306e55bd6c1808cb8a1fa87f2932
-
SHA256
9235243d6dca0bb2bdad8abc90ebb549d4e08a0e2a9b73298d879866b0cb717e
-
SHA512
fa9b0c3a78164a207cacac6f90c1ffe79e841d87666e73e1a40565117d6274c6575bfcd28b371d2aeadd52d1975918c6291910a51759c08d85bcd81630e85437
Malware Config
Targets
-
-
Target
Company Profile.exe
-
Size
726KB
-
MD5
337ec19a59c4dc76e7edeac2beebadc5
-
SHA1
6eb66f45d920d97cb189abe93e703055f182c311
-
SHA256
4b76a74852fe730433ccd52b13750fd292efb735891f1797ed5c8bdbe62a0385
-
SHA512
2fdddd7c1b3c3237147afd6520b34c1276fb24d4526a0eda42cb089c31b7cb135e45a523ec130cd9858c9f9a5b31096e1031f42cb003749dd72c339251d7d737
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-