General
-
Target
2938cb4a91296c733ccfe6155ce0b781
-
Size
662KB
-
Sample
221004-x2y42scae8
-
MD5
2938cb4a91296c733ccfe6155ce0b781
-
SHA1
2d0eff8071cb5dfec280f6a1728ae4a0971f14f4
-
SHA256
b2ad328c5f05213dd4f1fd127b2201a498eccfb67bd07bf48eb432c69ec94dfd
-
SHA512
ba22ff9cea5f38330af51b8cfe6d372fde13e67aa90a601e9a1aaa43d95ec895f7a3d958e481b35b50d481cc61c47d3095f1b230bbe3f1b2b50af5cea53fb529
-
SSDEEP
12288:yxj2dYLzTFeTEU0bbalvKEA816sUrJpFRJQRZjxZ12GPjT:eLnFeTE9mc1pJpdQR9f
Malware Config
Extracted
lokibot
http://sempersim.su/gk18/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Flowtronix enquiry.exe
-
Size
700KB
-
MD5
6a46df422796f0c3b68f869741c924e9
-
SHA1
b16126baa282032e1a0e84dafd26536072e19f16
-
SHA256
5481601d66580551f4f9fa6841076d2ac05189ac292da6a983c5ab44e208e270
-
SHA512
ce5f464a23fd62c72a3ca2b8c8a12bd6d59b112c5407124506187c49009b1cf4a70a9398cec1d0958fa5aaf4e12a025c21a332b4a6849ce14705967e5b1d1629
-
SSDEEP
12288:SUbgw6ZNi99YaiT7uJTpz0buZyQOhON9wbVtFdBy0EVQjwcob:QdZYkaiT7ufwhtJtFT
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-