General
-
Target
6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb.exe
-
Size
217KB
-
Sample
230206-h2nkzsce39
-
MD5
2cdb13d0611023b8496cb5ba9a5f59db
-
SHA1
2a20f9f6dc9a9be0553a2614538e5fada5dfbd54
-
SHA256
6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb
-
SHA512
5a50076c0f1ab10bf38377460a80094f6e0d4ab846992a342d48de37daac66355bc5f3e22b81d2825744720716c4105ca29d5fb30157f40bbcf58af7985c5f28
-
SSDEEP
6144:vYa6Hg5j1ktqoHgDxmGIo5CoE8Js1LcdYUg:vYV2k3ADx3L5JNs1IdYUg
Malware Config
Extracted
lokibot
https://sempersim.su/ha1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb.exe
-
Size
217KB
-
MD5
2cdb13d0611023b8496cb5ba9a5f59db
-
SHA1
2a20f9f6dc9a9be0553a2614538e5fada5dfbd54
-
SHA256
6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb
-
SHA512
5a50076c0f1ab10bf38377460a80094f6e0d4ab846992a342d48de37daac66355bc5f3e22b81d2825744720716c4105ca29d5fb30157f40bbcf58af7985c5f28
-
SSDEEP
6144:vYa6Hg5j1ktqoHgDxmGIo5CoE8Js1LcdYUg:vYV2k3ADx3L5JNs1IdYUg
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-