General
- Target: DHLReceipt10106272873.exe
- Size: 645KB
- Sample: 220701-mtys7sech4
- MD5: 890f2ae36a16e223d45f0351f8369174
- SHA1: 2062f503376626148862920802be1b33bdd0fcdd
- SHA256: e6b5420e96f75cbc41decc0108c277b71e456a55e5fe750c966a44b5c66473d0
- SHA512: 56903a51003e33694d3b47b95ddd8603fac77890ccc11f9b8747f208cf2558f4fc4467f399b2dc158af1605bb806f7ecb64b04bf4105ae79f89d89d36f82afd3
Static task: static1
Behavioral task: behavioral1
- Sample: DHLReceipt10106272873.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://sempersim.su/gh18/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: DHLReceipt10106272873.exe
- Size: 645KB
- MD5: 890f2ae36a16e223d45f0351f8369174
- SHA1: 2062f503376626148862920802be1b33bdd0fcdd
- SHA256: e6b5420e96f75cbc41decc0108c277b71e456a55e5fe750c966a44b5c66473d0
- SHA512: 56903a51003e33694d3b47b95ddd8603fac77890ccc11f9b8747f208cf2558f4fc4467f399b2dc158af1605bb806f7ecb64b04bf4105ae79f89d89d36f82afd3
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext