General
-
Target
cdcbca7a700fdee5246a10aef03525b7.exe
-
Size
147KB
-
Sample
230124-p2b1hsce2z
-
MD5
cdcbca7a700fdee5246a10aef03525b7
-
SHA1
61a7fcf2d4a51cd208e07394f36aa67a3efe25d6
-
SHA256
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca
-
SHA512
fbe47c44b921e197d367076d6ed41d37a9055043c50993586a9ce84602506b1b6de4b67eb4736fb173cc085e1f87560bfed98ffdb1d2b503d91d49c3a606c431
-
SSDEEP
3072:3fY/TU9fE9PEtuwbkFgPUq8k6IKJ8qzlIsQCWZO8jgrxf3dw1fIkygtLOv7Xf7y:vYa6sCk6JPBIZkv3Cwk0v7Xfm
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
cdcbca7a700fdee5246a10aef03525b7.exe
-
Size
147KB
-
MD5
cdcbca7a700fdee5246a10aef03525b7
-
SHA1
61a7fcf2d4a51cd208e07394f36aa67a3efe25d6
-
SHA256
8f8be2570869e7162851b8460f71be93035fd241900cfedda66771ce7c4d26ca
-
SHA512
fbe47c44b921e197d367076d6ed41d37a9055043c50993586a9ce84602506b1b6de4b67eb4736fb173cc085e1f87560bfed98ffdb1d2b503d91d49c3a606c431
-
SSDEEP
3072:3fY/TU9fE9PEtuwbkFgPUq8k6IKJ8qzlIsQCWZO8jgrxf3dw1fIkygtLOv7Xf7y:vYa6sCk6JPBIZkv3Cwk0v7Xfm
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-