General
-
Target
7d7ce39f52b1dde565387ba3033efe1b32f8b5ac1416ec3f4fbd674bf9c901ef
-
Size
353KB
-
Sample
230129-yhtkwscg81
-
MD5
00766095b53ec567f2f7483eae5196ea
-
SHA1
ebbbfd5ebb8beeace042a235abc31d94b3dcebd5
-
SHA256
7d7ce39f52b1dde565387ba3033efe1b32f8b5ac1416ec3f4fbd674bf9c901ef
-
SHA512
12b8ae33e780ea4f0784b53917658cc6a951913e2ed0df3306428a2821857461984d76afb0d45a45ccdc53dab825a85f6be8f736744f6b072626817b800ca120
-
SSDEEP
6144:kNQ33ZUsTzUvNffApiVfQLWEQZe3LihPjRqjhmR43S6wR19TkP:QQ33ZivNgipUW/suhPl4mRmuiP
Malware Config
Extracted
lokibot
http://3tril.com/armani2/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
7d7ce39f52b1dde565387ba3033efe1b32f8b5ac1416ec3f4fbd674bf9c901ef
-
Size
353KB
-
MD5
00766095b53ec567f2f7483eae5196ea
-
SHA1
ebbbfd5ebb8beeace042a235abc31d94b3dcebd5
-
SHA256
7d7ce39f52b1dde565387ba3033efe1b32f8b5ac1416ec3f4fbd674bf9c901ef
-
SHA512
12b8ae33e780ea4f0784b53917658cc6a951913e2ed0df3306428a2821857461984d76afb0d45a45ccdc53dab825a85f6be8f736744f6b072626817b800ca120
-
SSDEEP
6144:kNQ33ZUsTzUvNffApiVfQLWEQZe3LihPjRqjhmR43S6wR19TkP:QQ33ZivNgipUW/suhPl4mRmuiP
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-