General
-
Target
8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3
-
Size
356KB
-
Sample
230129-yhm34sbd36
-
MD5
5ad08184aeaa9f64bf677394b8bdf5c8
-
SHA1
af7f79acf483d086055f458cbce23b0c93220607
-
SHA256
8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3
-
SHA512
1938f5ebfb43cfa358992e8ef002da9a04690b932bbb909c4224709f191ae42b75c1dd0c3c695fbf6f10b25fedfaf14d051cdcccfb11ec794582031db7c65e3d
-
SSDEEP
6144:ECufjZTsT4UvncOgN2ZSfc4jxw+/E9NmjwE+GjqqYbGMo0/vswnO:ECubZGvncHgS3jxDcyIGjNAGl0Xs
Malware Config
Extracted
lokibot
http://inductotherrnindia.com/bobo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3
-
Size
356KB
-
MD5
5ad08184aeaa9f64bf677394b8bdf5c8
-
SHA1
af7f79acf483d086055f458cbce23b0c93220607
-
SHA256
8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3
-
SHA512
1938f5ebfb43cfa358992e8ef002da9a04690b932bbb909c4224709f191ae42b75c1dd0c3c695fbf6f10b25fedfaf14d051cdcccfb11ec794582031db7c65e3d
-
SSDEEP
6144:ECufjZTsT4UvncOgN2ZSfc4jxw+/E9NmjwE+GjqqYbGMo0/vswnO:ECubZGvncHgS3jxDcyIGjNAGl0Xs
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-