General
-
Target
02efabc9954928844676eeb598c44ee8.bin
-
Size
193KB
-
Sample
230116-xalpmsbc39
-
MD5
f43cd9e35e0cf871d9763be5765577cf
-
SHA1
3076889f35591032087385cd8533d28930a7be41
-
SHA256
caf4b4bad63a29bd428dcad17ca627977a8940605bb047c0d4d9580724d24d89
-
SHA512
bdd37a738ce1a6b32951458ba1157028555909bd86c68b4caa9a42d372a5f76de9c3620ced3999b6499f62abb66c6a466ac623eedb35ee5f883ecfc1ce346688
-
SSDEEP
3072:Ygvj7QRxP6pzxe4hRsNQl8mV3W69ImQfeQ28UWXUNvqC8sNPWO++RPnRoyu+rP2g:Yg78RxW19haS1FW6ehO6sBNRSyucWS
Malware Config
Extracted
lokibot
http://kene.us/ASAZI/bul.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e09911ae184264e67137f1d9a9a0e38f7f9b736aadf20d6ffb3f28edde9a194e.exe
-
Size
355KB
-
MD5
02efabc9954928844676eeb598c44ee8
-
SHA1
9c1b25bc746486f1a076082562e74371deb4ec66
-
SHA256
e09911ae184264e67137f1d9a9a0e38f7f9b736aadf20d6ffb3f28edde9a194e
-
SHA512
397018dbeef969e0f80cfbc9d7a04fec10512e658bed86a7565a462339f3a187a0cb1fc1507ae3523b52de3272748b44bf8074aa45020c26a44a7daa256ef89f
-
SSDEEP
6144:okwCnl6tA5ObRvwRwof8XaoJduSxAIiHUOadrtd:P5ObvokXlfATk
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-