General
-
Target
ee4c21ac49d75124c64cd9ec55f69b234428237a8f146fd0f4ed65439e35e1d1
-
Size
113KB
-
Sample
220521-prlrzafhc3
-
MD5
c3df8c5f40e6681717935ba760101ea5
-
SHA1
6f0010486ca22bb9bb772a1341a7bfb48cf483bb
-
SHA256
ee4c21ac49d75124c64cd9ec55f69b234428237a8f146fd0f4ed65439e35e1d1
-
SHA512
3a9404bf93d2261f993d6d8c6aeda54445831317d1bc84718ae1a1205ef61dae5d8b2f14ba41bfd6af0040e43ccfd1ba42b5e02c67d98ac296903db10f7e0cc3
Malware Config
Extracted
lokibot
http://profortune-tw.com/cloks/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
CCI20200807_00004.scr
-
Size
150KB
-
MD5
a84df0863f2ec413c473cd8c932e703b
-
SHA1
f338a0c345cd32973f25c9afa3d10fe5b6a56179
-
SHA256
40945ece3013a851632d449748c3527f00ecd7f08a3e36031cbabed250589b76
-
SHA512
e75a2f0d480b3bbebdbb938138ab6089d2c765b37524d274a219419afe1c7e2f20ad93750ac6e4ca88b1b71bd787689d8b627e5450ebdd11b403ff28a391db01
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-