General
-
Target
66c432777092cfb4889c0eeb23045e3a3ee23a4c75de41c4dc826ef1fc37887b.exe
-
Size
146KB
-
Sample
221019-2y4btacbfj
-
MD5
b6807b1feeaf3346f0c4d6beaecfc806
-
SHA1
2082c44d859620003d4297d1b54896c11e226056
-
SHA256
66c432777092cfb4889c0eeb23045e3a3ee23a4c75de41c4dc826ef1fc37887b
-
SHA512
f7b8d55a745f132cc2b9694a76670bd47024e63386ba3aa4e200cf480d08595b40f406ac13cca47ddda8a4f185a946c2350589b625ded63c032cbd7a997a68eb
-
SSDEEP
3072:iI8L5IT03/74gz6bcQNFOrma+gazHCZFhnR4AOohVHgg:iI8YC/74gz6DFle7jRhVA
Malware Config
Extracted
lokibot
http://sempersim.su/gk24/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
66c432777092cfb4889c0eeb23045e3a3ee23a4c75de41c4dc826ef1fc37887b.exe
-
Size
146KB
-
MD5
b6807b1feeaf3346f0c4d6beaecfc806
-
SHA1
2082c44d859620003d4297d1b54896c11e226056
-
SHA256
66c432777092cfb4889c0eeb23045e3a3ee23a4c75de41c4dc826ef1fc37887b
-
SHA512
f7b8d55a745f132cc2b9694a76670bd47024e63386ba3aa4e200cf480d08595b40f406ac13cca47ddda8a4f185a946c2350589b625ded63c032cbd7a997a68eb
-
SSDEEP
3072:iI8L5IT03/74gz6bcQNFOrma+gazHCZFhnR4AOohVHgg:iI8YC/74gz6DFle7jRhVA
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-