General
-
Target
transferencia bancaria.exe
-
Size
1.1MB
-
Sample
220916-qg9aysbehk
-
MD5
9686ef9e7287c5e562599486312d03c0
-
SHA1
291aa3767e8e4d1c4647f0fa9b01033967b36c23
-
SHA256
a604ec512f780de23721c38e825235dbd72219c5f9613cca407aae21d4622709
-
SHA512
661a0eb971962d92d515e68acc924fb976abf51878528b74ab2e63ab24d2d1d3cfb23e51418a41e510051b2ec32487160e61008286e7dfb103c77c4588ef3efa
-
SSDEEP
24576:9mwN7boNhklV1+CQi4hQDgFORqNxZRLNOhg:9mq7ehUs1ESRpOh
Malware Config
Extracted
lokibot
http://sempersim.su/gk6/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
transferencia bancaria.exe
-
Size
1.1MB
-
MD5
9686ef9e7287c5e562599486312d03c0
-
SHA1
291aa3767e8e4d1c4647f0fa9b01033967b36c23
-
SHA256
a604ec512f780de23721c38e825235dbd72219c5f9613cca407aae21d4622709
-
SHA512
661a0eb971962d92d515e68acc924fb976abf51878528b74ab2e63ab24d2d1d3cfb23e51418a41e510051b2ec32487160e61008286e7dfb103c77c4588ef3efa
-
SSDEEP
24576:9mwN7boNhklV1+CQi4hQDgFORqNxZRLNOhg:9mq7ehUs1ESRpOh
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-