General
-
Target
DHL Express Awb#84571108962.exe
-
Size
416KB
-
Sample
221025-lky7yacbfr
-
MD5
7caa6a5bfad040406b09da1b8344c0f7
-
SHA1
179020d2c7aab60d9fb24d8a080386607ad671ca
-
SHA256
2485eaecd89a36695f8e94d64d8b0450944413a0c8783194ca5ca78cac807aae
-
SHA512
2c5007d1fedb08f356a302705262f33ec08ca1aabfcc7934f466ed8a09239dd099fdede1fcc290cda2bd430e576c079df55cacfb9f93c219779c60a7a4fb140c
-
SSDEEP
12288:Ljh7uf4/F187+Ci9iUb8GFwu+jTA0/oeMEq06Up:UCaaCmb8IsjTA0/BqKp
Malware Config
Extracted
lokibot
http://192.64.118.167/profile.php?id=0ZbRoqHjbXfrX54fnD4rBmzDYlyFq8Yr7ajvA0OLY4dV9iaxVfYwByaATIgkQeLXp4tZ5i
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DHL Express Awb#84571108962.exe
-
Size
416KB
-
MD5
7caa6a5bfad040406b09da1b8344c0f7
-
SHA1
179020d2c7aab60d9fb24d8a080386607ad671ca
-
SHA256
2485eaecd89a36695f8e94d64d8b0450944413a0c8783194ca5ca78cac807aae
-
SHA512
2c5007d1fedb08f356a302705262f33ec08ca1aabfcc7934f466ed8a09239dd099fdede1fcc290cda2bd430e576c079df55cacfb9f93c219779c60a7a4fb140c
-
SSDEEP
12288:Ljh7uf4/F187+Ci9iUb8GFwu+jTA0/oeMEq06Up:UCaaCmb8IsjTA0/BqKp
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-