General
-
Target
f9af5cb59b54deaa45e5d8f214622de8e3ebb5b2dfb1cb0477cc25afd9ffb31e
-
Size
403KB
-
Sample
230129-x35yzsag55
-
MD5
82013a4d26908c72879fe8c961b88f56
-
SHA1
b2f5743cebf36039d334649b70725b1767c4d488
-
SHA256
f9af5cb59b54deaa45e5d8f214622de8e3ebb5b2dfb1cb0477cc25afd9ffb31e
-
SHA512
e967c21f27637953b57c82f05ef2a41b9fe3de9841c421ac715d59418e7d4024196503ef46176ebe5c54e134c4b979d29241a500f8fab1a37ecc7bd5a17479c5
-
SSDEEP
12288:XaYaRTStypCiWfRBUCZU7AW73Xq4toF6RHvQeW:9aRTSty4UCZToAwi
Malware Config
Extracted
lokibot
http://opdebeeck-vvorth.com/f3/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f9af5cb59b54deaa45e5d8f214622de8e3ebb5b2dfb1cb0477cc25afd9ffb31e
-
Size
403KB
-
MD5
82013a4d26908c72879fe8c961b88f56
-
SHA1
b2f5743cebf36039d334649b70725b1767c4d488
-
SHA256
f9af5cb59b54deaa45e5d8f214622de8e3ebb5b2dfb1cb0477cc25afd9ffb31e
-
SHA512
e967c21f27637953b57c82f05ef2a41b9fe3de9841c421ac715d59418e7d4024196503ef46176ebe5c54e134c4b979d29241a500f8fab1a37ecc7bd5a17479c5
-
SSDEEP
12288:XaYaRTStypCiWfRBUCZU7AW73Xq4toF6RHvQeW:9aRTSty4UCZToAwi
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-