General
-
Target
factura y datos bancarios.exe
-
Size
1.2MB
-
Sample
220706-tdb3tseedq
-
MD5
8bd0017d24bdaa6e95ef184d3aadc073
-
SHA1
831e7e3dc39275efd23e9bd786f2c17b2851c0ee
-
SHA256
70bc728fd29480cc15d58902535e7c473c143ccc96c72d9b376a4a10795ca928
-
SHA512
3ec3ef31f8a1979c430436f171b0d1c075b9f3c713b06d5dc855ae42fd4941c3fcd0371f8944d90a7cd4a82a1a3f4d5a90848e517874fb651403edcd075928ca
Static task
static1
Behavioral task
behavioral1
Sample
factura y datos bancarios.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://sempersim.su/gi6/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
factura y datos bancarios.exe
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-