General
-
Target
9bb06a021a4881d899889e8144323fd17763fb49abd9ced9faaafbdc35ab5f40
-
Size
685KB
-
Sample
220521-w7v4xabbb6
-
MD5
0a381c851b0f13d18bcd5efe6352eec3
-
SHA1
f28747eb99fc948af08657d288c09fca6630994a
-
SHA256
9bb06a021a4881d899889e8144323fd17763fb49abd9ced9faaafbdc35ab5f40
-
SHA512
a7f8c886f188d975a9fe412ccc972fec115267c7292e40a6c2b9b78430f3770eae109734e26de2f275c591b7fd270489d8aa055977ca58dc10fbaf228ad356a1
Malware Config
Extracted
lokibot
http://superson.ga/Bobby/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Remittance ADVICE.exe
-
Size
1.1MB
-
MD5
d7e5cae47982fe6cee9a60426d9b6e1a
-
SHA1
cee33cfb8ad0380d6aaa1272e3a1e5474f2d5b59
-
SHA256
3d611ca54f64546327d9bc6993662d5058a7f07fa8e16b81fc7ee6ff60d952f2
-
SHA512
80fa653ba171ff732919d68e1a3b418deb40a49756fd95b8efa4b60a3619ee093db55da87434b50361acca8c0dbd848f0657b9a0536288a377d01b577e64de07
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-