General
-
Target
11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e.exe
-
Size
123KB
-
Sample
220521-yhx83sgbhj
-
MD5
ecd214e92cab6fb7e793a9068303bc7b
-
SHA1
93e56deee788685d9166810b0147b841516216f0
-
SHA256
11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e
-
SHA512
7bfc1a75cc8acc43a4047957405300dd868507a04c8da7f0c4d3e56ea34a773b9768930212bf93880a1bdb95feaf9d8e1d3d87962c66f879615b77f8e78922aa
Malware Config
Extracted
lokibot
http://85.202.169.172/goodlife/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e.exe
-
Size
123KB
-
MD5
ecd214e92cab6fb7e793a9068303bc7b
-
SHA1
93e56deee788685d9166810b0147b841516216f0
-
SHA256
11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e
-
SHA512
7bfc1a75cc8acc43a4047957405300dd868507a04c8da7f0c4d3e56ea34a773b9768930212bf93880a1bdb95feaf9d8e1d3d87962c66f879615b77f8e78922aa
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-