General
-
Target
9cbc533aff85bb22a0c012e58d2a1778.exe
-
Size
410KB
-
Sample
230118-ztb1naee3y
-
MD5
9cbc533aff85bb22a0c012e58d2a1778
-
SHA1
9598a98df4ceac0388e76af0cc39b4fc26700984
-
SHA256
94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77
-
SHA512
0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57
-
SSDEEP
6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9cbc533aff85bb22a0c012e58d2a1778.exe
-
Size
410KB
-
MD5
9cbc533aff85bb22a0c012e58d2a1778
-
SHA1
9598a98df4ceac0388e76af0cc39b4fc26700984
-
SHA256
94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77
-
SHA512
0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57
-
SSDEEP
6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-