General
-
Target
25dd292aa9580bbbd9592cb6b665dbfc.exe
-
Size
365KB
-
Sample
230119-shv6tsgc97
-
MD5
25dd292aa9580bbbd9592cb6b665dbfc
-
SHA1
121da4ae670a29924f2e9606ba0b59cef8891a43
-
SHA256
61fbde7746915c8226cae278e4194426b1b7211cb1c6755667d86f02a05594de
-
SHA512
ee38d84efe3389f6db199f0fbb3d0c7a1c582822d0c8bee6dce2bd13b23ce7490fc95ea1055cd0f4a429d72279604e9ecb4708ed061458dc2ca85f2916ad8231
-
SSDEEP
6144:dYa6r6sKX7wQludf3knhXbN3uLNqBQ+ALJLeB3yjEjug4bMI5S71v:dYUulsFcT+E8Cji1w5Spv
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
25dd292aa9580bbbd9592cb6b665dbfc.exe
-
Size
365KB
-
MD5
25dd292aa9580bbbd9592cb6b665dbfc
-
SHA1
121da4ae670a29924f2e9606ba0b59cef8891a43
-
SHA256
61fbde7746915c8226cae278e4194426b1b7211cb1c6755667d86f02a05594de
-
SHA512
ee38d84efe3389f6db199f0fbb3d0c7a1c582822d0c8bee6dce2bd13b23ce7490fc95ea1055cd0f4a429d72279604e9ecb4708ed061458dc2ca85f2916ad8231
-
SSDEEP
6144:dYa6r6sKX7wQludf3knhXbN3uLNqBQ+ALJLeB3yjEjug4bMI5S71v:dYUulsFcT+E8Cji1w5Spv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-