General
-
Target
74991ab895e1f8d955c8f6de29ef10599be52aeea9f3b1b290c0130041a2e470
-
Size
332KB
-
Sample
220521-ne3dhsdfa4
-
MD5
82000c9c17c4eb6383ace5b25d988495
-
SHA1
d89fc8f23ef4279f9507ea6c066593b3b9b5b3e6
-
SHA256
74991ab895e1f8d955c8f6de29ef10599be52aeea9f3b1b290c0130041a2e470
-
SHA512
96d9f794cc77ca119ffadf7a09b5465d29a11921f8fdf7837ae2154aaca726371dc8a259e82d811c4f45c0cdc5c540d0982a97f3eb46c9577422519f1c2f2bb8
Malware Config
Extracted
lokibot
http://kibossuqar.com/kaka/kaka3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ENG SPARE PARTS REQUISITION ESP-20-07 -xls.exe
-
Size
445KB
-
MD5
29bd49a56e9f98c2ada1a357970c940e
-
SHA1
8029cdcd8ba9b1b23c171ba76761b809577537a8
-
SHA256
9ef99bef155c98b7c49a98a89d540f42c19a20ce4ba8e6b027b107838a77237d
-
SHA512
dfb7009e759c86df2987a14d3e3f3357f674f32493bf5170f702f72690d01ac5e582ea183c31178794d7ee101e647542c1f929aff6d474ca76d0196f6786a5b7
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-