General
-
Target
b9ff83bfec02bbaba2e8966e3923e08238e295dc9e66b139df4ba1c3f024a8d9
-
Size
668KB
-
Sample
230201-qt3nyaae3w
-
MD5
06f61b2e8dcaeb8e8a1e80611d53baa5
-
SHA1
e97262db5f421274929d9d190d9f45734737f201
-
SHA256
b9ff83bfec02bbaba2e8966e3923e08238e295dc9e66b139df4ba1c3f024a8d9
-
SHA512
e834bf7fe272a929a9b3b93e7e0786e9ada09fc42e76049845909a140b5b94cac22174462d7af72c09b90566e0af3b81c32e18a043d7cf7d8ce4e4b22b25b9b1
-
SSDEEP
12288:ttz8L6guub02iDBd0ER+pVj4pmLoU25nntk6PUi+9xMRSR5SWqG4yPa:wLz0LDwIij4cLNItvX4yRU5JqG4yPa
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
b9ff83bfec02bbaba2e8966e3923e08238e295dc9e66b139df4ba1c3f024a8d9
-
Size
668KB
-
MD5
06f61b2e8dcaeb8e8a1e80611d53baa5
-
SHA1
e97262db5f421274929d9d190d9f45734737f201
-
SHA256
b9ff83bfec02bbaba2e8966e3923e08238e295dc9e66b139df4ba1c3f024a8d9
-
SHA512
e834bf7fe272a929a9b3b93e7e0786e9ada09fc42e76049845909a140b5b94cac22174462d7af72c09b90566e0af3b81c32e18a043d7cf7d8ce4e4b22b25b9b1
-
SSDEEP
12288:ttz8L6guub02iDBd0ER+pVj4pmLoU25nntk6PUi+9xMRSR5SWqG4yPa:wLz0LDwIij4cLNItvX4yRU5JqG4yPa
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-