General
-
Target
69115ce1a4e407cc8f543db1d60e6022.exe
-
Size
762KB
-
Sample
221012-skkswaggg6
-
MD5
69115ce1a4e407cc8f543db1d60e6022
-
SHA1
471d4969a24788f2c38e031e8f8e094f964316bc
-
SHA256
0ffac76af887d1aadbc9b52dab73c169caeee8ce9905289892fae5064f00099a
-
SHA512
c9c0aa1cfcfa941daba81b50604a0b2665ba3f0fa7581b9ee050a5eaf6f18c1448a50ffe548134bad57293e40a94e09ed8513441ba0fa727f27a6456c3103394
-
SSDEEP
12288:dp/SzjT4AYH7CpZNfuLypYQpot5zek06qiOx:az3GmpZNfu+OQ+5zv06qiOx
Malware Config
Extracted
lokibot
http://171.22.30.147/jungletwo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
69115ce1a4e407cc8f543db1d60e6022.exe
-
Size
762KB
-
MD5
69115ce1a4e407cc8f543db1d60e6022
-
SHA1
471d4969a24788f2c38e031e8f8e094f964316bc
-
SHA256
0ffac76af887d1aadbc9b52dab73c169caeee8ce9905289892fae5064f00099a
-
SHA512
c9c0aa1cfcfa941daba81b50604a0b2665ba3f0fa7581b9ee050a5eaf6f18c1448a50ffe548134bad57293e40a94e09ed8513441ba0fa727f27a6456c3103394
-
SSDEEP
12288:dp/SzjT4AYH7CpZNfuLypYQpot5zek06qiOx:az3GmpZNfu+OQ+5zv06qiOx
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-