General
-
Target
64756e8f5c253a58f8fc8e95a708f647.exe
-
Size
418KB
-
Sample
230118-mghlfsbd7y
-
MD5
64756e8f5c253a58f8fc8e95a708f647
-
SHA1
7e28c11a713061bcad93b8faf2e238a552668bee
-
SHA256
59181328ea5b20dbebffa92c11f3ffa3616cdc8529ae91c3794186055867c6e3
-
SHA512
ae977d3ee77ad647f8ddd28bbf05c88c94afd07c188564065905618d4d74c3696c237e969bda2a0b1b5b1cf05744a914515b6bf7cb9d8ced55913ee7c5f742b0
-
SSDEEP
6144:UYa6hP5KTnXklp3bCljXWNoJ9oQy5To2uMA040vv8tNatjWxG:UY8TnUlNAXWNoJfT2tT4288x
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
64756e8f5c253a58f8fc8e95a708f647.exe
-
Size
418KB
-
MD5
64756e8f5c253a58f8fc8e95a708f647
-
SHA1
7e28c11a713061bcad93b8faf2e238a552668bee
-
SHA256
59181328ea5b20dbebffa92c11f3ffa3616cdc8529ae91c3794186055867c6e3
-
SHA512
ae977d3ee77ad647f8ddd28bbf05c88c94afd07c188564065905618d4d74c3696c237e969bda2a0b1b5b1cf05744a914515b6bf7cb9d8ced55913ee7c5f742b0
-
SSDEEP
6144:UYa6hP5KTnXklp3bCljXWNoJ9oQy5To2uMA040vv8tNatjWxG:UY8TnUlNAXWNoJfT2tT4288x
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-