General
-
Target
SecuriteInfo.com.Trojan.MSIL.LokiBot.RPS.MTB.10978.4642.exe
-
Size
850KB
-
Sample
221012-emxzbscda8
-
MD5
563e92482225cccdf613e99a5e9c5878
-
SHA1
19cdb164b288f7eeb0573085dd0618181c7ba19c
-
SHA256
62d20f5ce8950e995b0736bb3bafedb34f3b7d95f190b3a0a1592d808f697cac
-
SHA512
c571e069330a3ee8d25ea9ccb4e53de580288e40258e108d7c0ebcef7cbcc58df851366c6f8a4fdb64389fe1ec6478973a72e15fc6f0fe7f784d083497fe6b47
-
SSDEEP
12288:dp/HG5izZHPnmxRhsonwF4ZwPSS2v77j1I1N7Zd:nZHPmvhsk2D875I1N7
Malware Config
Extracted
formbook
mmtr
A2DZqKcj5ytLVZtHJA==
fMXPWQG+JWa0S6lZOg==
8kymMDxB6ShVJHxu2gshFtXY9Rw=
1TcOF6WxcdzplqFGcUCNkBY=
k3TLhZ+bOG7ahplcPA==
K4kL5Aq5abHNS6lZOg==
mXDSo9XmxlqYN6psOA==
m+RNCVT4shAb
G1kzROn+2jCug7F5psQ=
qNYsJkWzqwkZ
0BcDQuH0xt4oBh4=
pfRW4ZhmRsEiyvP2Mg==
Sqgj4eztyCg0Ezwo39iHXQ==
bIi2etJbcdUB
k2g3gBesND9hUoKOzGaVFKX6IuUaknqH1Q==
8dFDXQPnb4s+sWfhwoqOdgmABBK+YGg=
Pn9PmDzelx84EjfdzY0WkiRPz6i4
SrUfvOfNO3DMdLvB
GFXHQ9NuPdHsxOiU2umGMSiTvQE=
Kv9sdrhSbDfMdLvB
Targets
-
-
Target
SecuriteInfo.com.Trojan.MSIL.LokiBot.RPS.MTB.10978.4642.exe
-
Size
850KB
-
MD5
563e92482225cccdf613e99a5e9c5878
-
SHA1
19cdb164b288f7eeb0573085dd0618181c7ba19c
-
SHA256
62d20f5ce8950e995b0736bb3bafedb34f3b7d95f190b3a0a1592d808f697cac
-
SHA512
c571e069330a3ee8d25ea9ccb4e53de580288e40258e108d7c0ebcef7cbcc58df851366c6f8a4fdb64389fe1ec6478973a72e15fc6f0fe7f784d083497fe6b47
-
SSDEEP
12288:dp/HG5izZHPnmxRhsonwF4ZwPSS2v77j1I1N7Zd:nZHPmvhsk2D875I1N7
Score10/10-
Formbook
Formbook is a data stealing malware which is capable of stealing data.
-
Suspicious use of SetThreadContext
-