General
-
Target
Purchase Inquiry.exe
-
Size
721KB
-
Sample
221128-j29nwsdb9s
-
MD5
bbf8cc59cbe4cd8d3845c1499335c07f
-
SHA1
045568cace1af652cf3dea51f561bfe80c0035d7
-
SHA256
7329528ead7542c9af48aeff33fcfa265731b53ad352af1efc3666911f115090
-
SHA512
7a26c93971d7470800187fecb2908d377bd2df9aa24fd69b6c6c999746384f37e2cfc13679cef3977e4bb7b833f504ab4c2cbf10bb2883f9d52d711f678f9210
-
SSDEEP
12288:Be1O4WxovDi23bDIg95lzKogGNkwZ3cYRMdS98MTHRyoY:eIgvxKodMS2MjRpY
Malware Config
Extracted
lokibot
http://157.245.36.27/~dokterpol/?page=14914169539334
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Purchase Inquiry.exe
-
Size
721KB
-
MD5
bbf8cc59cbe4cd8d3845c1499335c07f
-
SHA1
045568cace1af652cf3dea51f561bfe80c0035d7
-
SHA256
7329528ead7542c9af48aeff33fcfa265731b53ad352af1efc3666911f115090
-
SHA512
7a26c93971d7470800187fecb2908d377bd2df9aa24fd69b6c6c999746384f37e2cfc13679cef3977e4bb7b833f504ab4c2cbf10bb2883f9d52d711f678f9210
-
SSDEEP
12288:Be1O4WxovDi23bDIg95lzKogGNkwZ3cYRMdS98MTHRyoY:eIgvxKodMS2MjRpY
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-