General
-
Target
3c74c849a09e708972e0dd3b46cd9f583059f8f5cd9d3f2db5bd3a9b8a788c41.zip
-
Size
680KB
-
Sample
230208-ly721aab48
-
MD5
129670eaf7f7fc83152acbb2983a13cc
-
SHA1
06b42e56e2059cd87a9783bf5d92fc7e0fe527e3
-
SHA256
3ac46005c86365da249d182b6779c120c2f3f7f8615fbab7390fb7051d689ac2
-
SHA512
afc9056ad4b3ad5ca23288e0e0a12b460e4e18fca360448eac16ae17c428bb3034520520f7c39827828fd8db2f64f0579de35c42ebf1020b82b6ac65e14f2e93
-
SSDEEP
12288:Z//oVV6sYNpAJpH53iQdiHf+XyURUKaJCzYNS4GfZh7swJx2mLz18A8JQCBy7ulh:Z//E6wpgQds+XycGIzYNCgFOz18A8JG8
Malware Config
Extracted
lokibot
https://sempersim.su/ha4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3c74c849a09e708972e0dd3b46cd9f583059f8f5cd9d3f2db5bd3a9b8a788c41.exe
-
Size
726KB
-
MD5
8a86ecf19e44fdb01bebd049066ae5ec
-
SHA1
7be3fa1a92526cce784e8ba0f06f0183448dd5a7
-
SHA256
3c74c849a09e708972e0dd3b46cd9f583059f8f5cd9d3f2db5bd3a9b8a788c41
-
SHA512
eed9861b59a46e4bafe3931dc0ffbe3e95bd30b7208755544c7e721579e1f38aaf5c9d3dceb8868cd3a0010bff851630cef1a9ef2d7c02a5a7a51e8d4ea7941d
-
SSDEEP
12288:31MPA3bSkmtgIXHDiwOtUeQ9B7Nusv3ZV+hliQdRIOrx7p58lCrd4gyQapWMsN:6A3b++FQrV3ZwliQdrxN5IC54TWMa
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-