General
-
Target
SecuriteInfo.com.Trojan.MSIL.Crypt.16807.2508.exe
-
Size
599KB
-
Sample
221125-d1xeaaha79
-
MD5
8fe3c5df54a3d50bea8c15671b8b12b3
-
SHA1
b34a8994deb916a7a7e28b626c50395d470454ae
-
SHA256
8d5afeb3ae6e595de86f6b4354e5da7cbb2a7e1c2f366338fa112ed537f39974
-
SHA512
0b6d1f8c086de8023b3113647eb58b285c2876703a46f103f2784d687f89b09cefb9128b8ab1e751e7b875ad3b2a00e753a7f941408e56b1682ec23b9f6be56a
-
SSDEEP
12288:1cQjReHv9FtyHtufElsRk9eBL52jSCAmZJbxpDF:OQj4VFtyNufmsRiejtCA
Malware Config
Extracted
lokibot
http://157.245.36.27/~dokterpol/?page=447989547
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Trojan.MSIL.Crypt.16807.2508.exe
-
Size
599KB
-
MD5
8fe3c5df54a3d50bea8c15671b8b12b3
-
SHA1
b34a8994deb916a7a7e28b626c50395d470454ae
-
SHA256
8d5afeb3ae6e595de86f6b4354e5da7cbb2a7e1c2f366338fa112ed537f39974
-
SHA512
0b6d1f8c086de8023b3113647eb58b285c2876703a46f103f2784d687f89b09cefb9128b8ab1e751e7b875ad3b2a00e753a7f941408e56b1682ec23b9f6be56a
-
SSDEEP
12288:1cQjReHv9FtyHtufElsRk9eBL52jSCAmZJbxpDF:OQj4VFtyNufmsRiejtCA
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-