General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.30740.26234.exe
-
Size
627KB
-
Sample
221129-jgdqqace6v
-
MD5
be6c1a06b4f8c243eb46405187665eb3
-
SHA1
6c9b1b7d24d6a0095b97ba3d5c99b7dbf68a3553
-
SHA256
bc0599fd31b2ae96861009066fd8fcc3f416eda81d729b02a5adcaa100899591
-
SHA512
82074ef297469ffa1acc77247c11dd231d0cccb27615a0ccc341bd3564aa4745842ddcc6fdce34d3fb51d7a8bb3d3f47c7a240fbff0a4aea37ebcbb85933af53
-
SSDEEP
12288:l5mB3BIDgrGJg6EdQz06KS4zFHYQr1NvWQamIaNY72XQYZ+Zt:ObIkGJgjdy448TaRaXr+Zt
Malware Config
Extracted
lokibot
http://sempersim.su/gm14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.30740.26234.exe
-
Size
627KB
-
MD5
be6c1a06b4f8c243eb46405187665eb3
-
SHA1
6c9b1b7d24d6a0095b97ba3d5c99b7dbf68a3553
-
SHA256
bc0599fd31b2ae96861009066fd8fcc3f416eda81d729b02a5adcaa100899591
-
SHA512
82074ef297469ffa1acc77247c11dd231d0cccb27615a0ccc341bd3564aa4745842ddcc6fdce34d3fb51d7a8bb3d3f47c7a240fbff0a4aea37ebcbb85933af53
-
SSDEEP
12288:l5mB3BIDgrGJg6EdQz06KS4zFHYQr1NvWQamIaNY72XQYZ+Zt:ObIkGJgjdy448TaRaXr+Zt
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-