General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.26795.exe
-
Size
859KB
-
Sample
220923-hj7wxaddd9
-
MD5
af3c03edd9d47e628fabc3753ad4a3e5
-
SHA1
1618bc663b874c6d95837369e6264a3d512af6b7
-
SHA256
52431707738f4962e6d465b66c5a8d56d36b0edbcbc268002bc56c6f4b40a4d2
-
SHA512
7ccec21c422e2b71c1620df95204242d6665f7840248cc0015db66f7a052d21b76fcf469631ecae60054dbd532074cc9b3fc4d5f1cc048d2b854223a614fb2d9
-
SSDEEP
12288:uhLuyAHa0FI3ixYqxxuPSp1LFZufTKzxEpe1HQZTt5sy9DZUr/1/LZ:uhLuyyBFLvzWSp1LYTKcaHaTA+Ur/hZ
Malware Config
Extracted
lokibot
http://162.0.223.13/?05315
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.26795.exe
-
Size
859KB
-
MD5
af3c03edd9d47e628fabc3753ad4a3e5
-
SHA1
1618bc663b874c6d95837369e6264a3d512af6b7
-
SHA256
52431707738f4962e6d465b66c5a8d56d36b0edbcbc268002bc56c6f4b40a4d2
-
SHA512
7ccec21c422e2b71c1620df95204242d6665f7840248cc0015db66f7a052d21b76fcf469631ecae60054dbd532074cc9b3fc4d5f1cc048d2b854223a614fb2d9
-
SSDEEP
12288:uhLuyAHa0FI3ixYqxxuPSp1LFZufTKzxEpe1HQZTt5sy9DZUr/1/LZ:uhLuyyBFLvzWSp1LYTKcaHaTA+Ur/hZ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-