General
-
Target
tmp
-
Size
872KB
-
Sample
221003-exqm1ahbcr
-
MD5
0714f54c17565f792ea4a135a43542d9
-
SHA1
29634cc839666b0c90300fc9609a478cc8d9f0ff
-
SHA256
e9df93b687058986691432ebec95231a8a61e7e8dbedbfb0a7503d789d8510b4
-
SHA512
f67bd41329228691a5c1350ef6f77dde3397bbd7103141c082239eaabcdcc5c03364fb0f2fd0dfb1f2b53137473fda6b08f2ca1496367466ec403feaa7ea9361
-
SSDEEP
12288:dcD3dCK4HTNoMuNhQ2dOoT8nXNXV0YD986RNPvLhPK+h:GDlDXQkOoTuXNXVfTj1K2
Malware Config
Extracted
lokibot
http://171.22.30.164/perez/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
tmp
-
Size
872KB
-
MD5
0714f54c17565f792ea4a135a43542d9
-
SHA1
29634cc839666b0c90300fc9609a478cc8d9f0ff
-
SHA256
e9df93b687058986691432ebec95231a8a61e7e8dbedbfb0a7503d789d8510b4
-
SHA512
f67bd41329228691a5c1350ef6f77dde3397bbd7103141c082239eaabcdcc5c03364fb0f2fd0dfb1f2b53137473fda6b08f2ca1496367466ec403feaa7ea9361
-
SSDEEP
12288:dcD3dCK4HTNoMuNhQ2dOoT8nXNXV0YD986RNPvLhPK+h:GDlDXQkOoTuXNXVfTj1K2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-