General
-
Target
78e5d7d0502977044109013b3946c9e65c4b96771b2e23c159db32499f08781b
-
Size
632KB
-
Sample
230124-lh6t1abh7w
-
MD5
36a48cae5b7e408a7ead52d27faf0a05
-
SHA1
fe33d94bd5fb22392843db28d30b603d9bac409c
-
SHA256
78e5d7d0502977044109013b3946c9e65c4b96771b2e23c159db32499f08781b
-
SHA512
f680161bf286fafb487eb7addb6934d883dc506cbd8a9de75cf1d63f52aa2bdbbb844e336da35920efb1c543fdd15b9d30abd7ea39f5d9263419460ab68cf6b4
-
SSDEEP
12288:cKvMtEwcU3gZ+GQzjkATGdsKUu0Fhip+9SDIcSmpxI513KzHwr:c66AAgZbQzlGwu0eDLWKC
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
78e5d7d0502977044109013b3946c9e65c4b96771b2e23c159db32499f08781b
-
Size
632KB
-
MD5
36a48cae5b7e408a7ead52d27faf0a05
-
SHA1
fe33d94bd5fb22392843db28d30b603d9bac409c
-
SHA256
78e5d7d0502977044109013b3946c9e65c4b96771b2e23c159db32499f08781b
-
SHA512
f680161bf286fafb487eb7addb6934d883dc506cbd8a9de75cf1d63f52aa2bdbbb844e336da35920efb1c543fdd15b9d30abd7ea39f5d9263419460ab68cf6b4
-
SSDEEP
12288:cKvMtEwcU3gZ+GQzjkATGdsKUu0Fhip+9SDIcSmpxI513KzHwr:c66AAgZbQzlGwu0eDLWKC
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-