General
-
Target
SOApdf.exe
-
Size
678KB
-
Sample
221129-st63gaef8z
-
MD5
0604bc036681828e7514b40941cb7368
-
SHA1
ef0fa638d1735db87930545fd82ebe02092bf8d1
-
SHA256
a22eeae67724c14ca9a2e132c91c81c71da2100b9187976d7ae97884efadc637
-
SHA512
4ebdf06ab3490f321458b89723b2d943a44f2e13e1a57e679d26cfd085caed6a7af1ac9af896dcef9102ed0f707f95ef6fbbcdc73095566624476d19047c4b3f
-
SSDEEP
12288:nOv9CqkaB2PJMFpaHdELhATTemmJEy/QTXIaAs8QqdqJHED:kCq6P+Fpa9UhyTVm+yEXIshkD
Malware Config
Extracted
lokibot
http://208.67.105.148/ser/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SOApdf.exe
-
Size
678KB
-
MD5
0604bc036681828e7514b40941cb7368
-
SHA1
ef0fa638d1735db87930545fd82ebe02092bf8d1
-
SHA256
a22eeae67724c14ca9a2e132c91c81c71da2100b9187976d7ae97884efadc637
-
SHA512
4ebdf06ab3490f321458b89723b2d943a44f2e13e1a57e679d26cfd085caed6a7af1ac9af896dcef9102ed0f707f95ef6fbbcdc73095566624476d19047c4b3f
-
SSDEEP
12288:nOv9CqkaB2PJMFpaHdELhATTemmJEy/QTXIaAs8QqdqJHED:kCq6P+Fpa9UhyTVm+yEXIshkD
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-