General
-
Target
D2ABC8B5215CE5DB78F529969D81E413902A80D6D40F3.exe
-
Size
1.1MB
-
Sample
230130-czp35sdh76
-
MD5
fd115aef202ce2c98042e28afeb7960b
-
SHA1
cc2c4ca19ffeabffd7961c397c9038ad42317495
-
SHA256
d2abc8b5215ce5db78f529969d81e413902a80d6d40f353c0c5eb3df48624a81
-
SHA512
16642fc2913936ace7d0733795481188bf31fa6d2276598018d2e0dff6c058b4237b30cf2101f77b9dc680a619bd68deb251c3dd18967dbfdf8ab34e09158570
-
SSDEEP
24576:tVontcjwYcpp2zprbl7gWJ54eMSkyAJnZaurnHCIF6E4mH/DgqTE7p5WXtZV/ZiJ:tVond7yBkWAq
Malware Config
Extracted
lokibot
http://31.220.2.120/~danielwa/secure/dash/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
D2ABC8B5215CE5DB78F529969D81E413902A80D6D40F3.exe
-
Size
1.1MB
-
MD5
fd115aef202ce2c98042e28afeb7960b
-
SHA1
cc2c4ca19ffeabffd7961c397c9038ad42317495
-
SHA256
d2abc8b5215ce5db78f529969d81e413902a80d6d40f353c0c5eb3df48624a81
-
SHA512
16642fc2913936ace7d0733795481188bf31fa6d2276598018d2e0dff6c058b4237b30cf2101f77b9dc680a619bd68deb251c3dd18967dbfdf8ab34e09158570
-
SSDEEP
24576:tVontcjwYcpp2zprbl7gWJ54eMSkyAJnZaurnHCIF6E4mH/DgqTE7p5WXtZV/ZiJ:tVond7yBkWAq
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-