General
-
Target
635dbe0bca9fd370cf86d4f71163e4ed0c34692801046d30364650e92cbe6659
-
Size
191KB
-
Sample
220521-nxr1hahdcm
-
MD5
07a38f37f716b6b1f02bb1d0c7a8f7b9
-
SHA1
b432785abf7db0ac3f301da72718ab8fbc002958
-
SHA256
635dbe0bca9fd370cf86d4f71163e4ed0c34692801046d30364650e92cbe6659
-
SHA512
9f99dea9f92a7f54f8cf926376212b607d9753216d4ea3f58c5449c6d5bdd4ef23ec5df24a952e6196abd13c7adf1e7e76e0d7d0c12234f5a4b52138e796e2b7
Malware Config
Extracted
lokibot
http://flexpak-th.com/osama/aboki/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SHIPPING_DOCS_WAN_HAI_pdf.exe
-
Size
240KB
-
MD5
9f687baad6cff9deb8ed43bbc7a383f4
-
SHA1
c3d355cc10d044964fdb1d563afc525b25d8e98f
-
SHA256
df1f012094e4d7601eecac850af54eb268691a8dd95f79fae052e6b7588780f5
-
SHA512
9c8d40a4346279c9ad5add328a3695ab4a80decbcc580edcb5a998896018c63af1bc84028e6d574635c77194e7ee970b195c89724ebf59541154c7896efe45f2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-