General
-
Target
3297dab797abe5ba8541d9bd2081d1cd397420b8aeb1b176655fb4ef3c4b7f29
-
Size
232KB
-
Sample
220521-nfmpfsdfb8
-
MD5
4304ce8e666ecf99ca597069e0e1cfd1
-
SHA1
599f2d7425fd0292680110f40a09499ad0bd99ee
-
SHA256
3297dab797abe5ba8541d9bd2081d1cd397420b8aeb1b176655fb4ef3c4b7f29
-
SHA512
8133551ddbde25a12ddf3a6dadbadf30163193d8db3becd89cf06b5a0f97f172b3edeb25fd9ad0a9d0cd9841956b567c034544d078dd7f60805d2c50d224f991
Malware Config
Extracted
lokibot
http://kibossuqar.com/kaka/kaka3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
CONTRACT Scan 000029900 003999000 -pdf.exe
-
Size
272KB
-
MD5
e6a11035c69400e17342bb05ec76bcbf
-
SHA1
65bdb01ba3581868b7000413ec3b1385d6c64f3f
-
SHA256
bad957e63784a3709369a74d3d20f121ec588d10d1faad873e5a0813d9841eb7
-
SHA512
049bb3d68d589f608872ae6d9d6c2248919d2d51403e28a0c1a513485ee104351da832bbb3c157638767dcd4935942257c3133ed21cbd91d7b93de519b43b561
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-