General
-
Target
736c545dcb8c8d206c1232748ac9c9f926c05bda439459291c768bffb2f7dca4
-
Size
348KB
-
Sample
220703-v3qg7acdc4
-
MD5
9007e46a6d3ed8cf3f8a0f2bcd8e58b5
-
SHA1
58b03cd10a96fd58c3dbfd07aa42de1ae4ef63c0
-
SHA256
736c545dcb8c8d206c1232748ac9c9f926c05bda439459291c768bffb2f7dca4
-
SHA512
51056dd90b15302d90f8367e3630cc5dee00a9aaaeb0e4bc2ce37ecb1cef28211068b618f20b91d63525ac3485e2f84b3333bb328918c8214e1881e74a2e1292
Malware Config
Extracted
lokibot
http://107.175.150.73/~giftioz/.dycosmxiz/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
invoice.exe
-
Size
649KB
-
MD5
cc08a2eddba277c07eeaf45dee305523
-
SHA1
429c2f58d016c45d74a7ca4599ec4f5918a2cfbb
-
SHA256
b0b7794c7dcb401dd9cf7e14d6b95af37421de550f6990260ce83c674ea38512
-
SHA512
8ff53d89ca5fcd1ca93e483402a7933ff220f1e51fbc93801e35ce938c637a46fe9660fdf6d7e80051d619f8eed427734895cdc5a533983421929f8affc988c0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-