General
-
Target
e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e
-
Size
444KB
-
Sample
220707-ntxrkshed5
-
MD5
458485361f8283a3b84e7f086883048b
-
SHA1
f49aa7c000a8f2027a638c5d776dd169e42fcb5b
-
SHA256
e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e
-
SHA512
3ffa03cc1c11f2e786ee2ecbd48a6322d8593597d4c0f79905808dc6ecc805d38cb645fbb9bf0b996b9a18676cb833a649b06f28595e19af0f0821be533390d2
Malware Config
Extracted
lokibot
https://komputerowybank.pl/images/gini/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e
-
Size
444KB
-
MD5
458485361f8283a3b84e7f086883048b
-
SHA1
f49aa7c000a8f2027a638c5d776dd169e42fcb5b
-
SHA256
e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e
-
SHA512
3ffa03cc1c11f2e786ee2ecbd48a6322d8593597d4c0f79905808dc6ecc805d38cb645fbb9bf0b996b9a18676cb833a649b06f28595e19af0f0821be533390d2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-