General
-
Target
tmp
-
Size
810KB
-
Sample
230120-x7pskahe47
-
MD5
c5bafe3458d291bf09cd412eae71d481
-
SHA1
bc510c22a532cace309eb7c94208c4e8649c030f
-
SHA256
8ac633cce1e7ca43e127cdb82ebb3fde7defd23d7a59daf3394a2e57a3a61048
-
SHA512
d262b7898f409fbae29ee221c325589b9717d3f36cbf2f4350aa01c998c00828fa78145f6883f44faf09e6d624815f68fb794380658b45394e3129d9d37ac7fe
-
SSDEEP
12288:GoStTmHkFrVbS45nJpaqnSnnlAhFGYQeAF7K5NrKOa3RHgkDuZk08bk53j:GtkkFrBS4ZCnlCFGYoBK5FaZg/k0
Malware Config
Extracted
lokibot
http://171.22.30.147/line/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
tmp
-
Size
810KB
-
MD5
c5bafe3458d291bf09cd412eae71d481
-
SHA1
bc510c22a532cace309eb7c94208c4e8649c030f
-
SHA256
8ac633cce1e7ca43e127cdb82ebb3fde7defd23d7a59daf3394a2e57a3a61048
-
SHA512
d262b7898f409fbae29ee221c325589b9717d3f36cbf2f4350aa01c998c00828fa78145f6883f44faf09e6d624815f68fb794380658b45394e3129d9d37ac7fe
-
SSDEEP
12288:GoStTmHkFrVbS45nJpaqnSnnlAhFGYQeAF7K5NrKOa3RHgkDuZk08bk53j:GtkkFrBS4ZCnlCFGYoBK5FaZg/k0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-