General
-
Target
eeb800f752648769bd2af8b1e03aa8be27d4458efe9e0450e8a24e860425b0e7
-
Size
171KB
-
Sample
230116-mkzn5sdf66
-
MD5
352ac725d88163238910d2a66480ba6c
-
SHA1
568b70f867ed54a0f4b364191f61905779def271
-
SHA256
eeb800f752648769bd2af8b1e03aa8be27d4458efe9e0450e8a24e860425b0e7
-
SHA512
44c2e7f03f5f14284e487efc1fbce5471232cd4b2160b8303302124e1e39743c0587284d493d4e6492312829849f5b3ca129da30eb262c32f6df665a7b57441b
-
SSDEEP
3072:3fY/TU9fE9PEtudb6l09deXWwHbLuo2vKFAJ24iTiU4Vqf3Vb83GuRB7SC3LM7MT:vYa6r6WneGy4SeJ2fhtJ83l3rnxd5iEb
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
eeb800f752648769bd2af8b1e03aa8be27d4458efe9e0450e8a24e860425b0e7
-
Size
171KB
-
MD5
352ac725d88163238910d2a66480ba6c
-
SHA1
568b70f867ed54a0f4b364191f61905779def271
-
SHA256
eeb800f752648769bd2af8b1e03aa8be27d4458efe9e0450e8a24e860425b0e7
-
SHA512
44c2e7f03f5f14284e487efc1fbce5471232cd4b2160b8303302124e1e39743c0587284d493d4e6492312829849f5b3ca129da30eb262c32f6df665a7b57441b
-
SSDEEP
3072:3fY/TU9fE9PEtudb6l09deXWwHbLuo2vKFAJ24iTiU4Vqf3Vb83GuRB7SC3LM7MT:vYa6r6WneGy4SeJ2fhtJ83l3rnxd5iEb
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-