General
-
Target
8609e1d5c447b9a77c1e151786125c55fd229f7bc7cd492e8b9bb766cda5d8f5
-
Size
183KB
-
Sample
230201-s4269scc8z
-
MD5
a62b834fd42367f384b1a6a7250a3e9f
-
SHA1
0e94fe518c1aaefda7b451640e83dacb850acf24
-
SHA256
8609e1d5c447b9a77c1e151786125c55fd229f7bc7cd492e8b9bb766cda5d8f5
-
SHA512
f041f541e8684229024a57f2244ac4f644a94134bf9c45dcbd5938b8a3a55e19191170702bd9b56c0f5dd4e7908efdcba499839c4a50bd6a116d3fcd9507578f
-
SSDEEP
3072:HfY/TU9fE9PEtuIbp9SrK0uwo9zVjotEIg02SdJPW0Ib1OeaLvIqR3IaoLhmOW5d:/Ya6Mp9DLDzVjJn02SLWbp4LI4MhmTDl
Malware Config
Extracted
lokibot
http://185.246.220.85/davidhill/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8609e1d5c447b9a77c1e151786125c55fd229f7bc7cd492e8b9bb766cda5d8f5
-
Size
183KB
-
MD5
a62b834fd42367f384b1a6a7250a3e9f
-
SHA1
0e94fe518c1aaefda7b451640e83dacb850acf24
-
SHA256
8609e1d5c447b9a77c1e151786125c55fd229f7bc7cd492e8b9bb766cda5d8f5
-
SHA512
f041f541e8684229024a57f2244ac4f644a94134bf9c45dcbd5938b8a3a55e19191170702bd9b56c0f5dd4e7908efdcba499839c4a50bd6a116d3fcd9507578f
-
SSDEEP
3072:HfY/TU9fE9PEtuIbp9SrK0uwo9zVjotEIg02SdJPW0Ib1OeaLvIqR3IaoLhmOW5d:/Ya6Mp9DLDzVjJn02SLWbp4LI4MhmTDl
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-