General
-
Target
.win32.exe
-
Size
346KB
-
Sample
230319-b79bbage3t
-
MD5
d65227a02d2c238246f6e73ba74af070
-
SHA1
8a96be52f400800ff71767c1aa71d098b55ee20c
-
SHA256
05d7452d9b12a965358ccf14aef827861b78eacdcb66ab48618102aa7ef713b2
-
SHA512
f1fb58942a1b01f85ad99fa55af5b91c64b54bb219d9e8a29ff5da177834b172e0b3645553e2d99f5389e37e760291ca2569dca3d35291f67917ef50a802846c
-
SSDEEP
3072:rU2UNO+iWWYAqLet501NMAELFWzaJWhsziQXHHStvpgZ1ko2TfI3okCWsQbh:+NO2WYAqLetQK8hCisScyQ7s4
Malware Config
Extracted
lokibot
http://208.67.105.148/mous/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
.win32.exe
-
Size
346KB
-
MD5
d65227a02d2c238246f6e73ba74af070
-
SHA1
8a96be52f400800ff71767c1aa71d098b55ee20c
-
SHA256
05d7452d9b12a965358ccf14aef827861b78eacdcb66ab48618102aa7ef713b2
-
SHA512
f1fb58942a1b01f85ad99fa55af5b91c64b54bb219d9e8a29ff5da177834b172e0b3645553e2d99f5389e37e760291ca2569dca3d35291f67917ef50a802846c
-
SSDEEP
3072:rU2UNO+iWWYAqLet501NMAELFWzaJWhsziQXHHStvpgZ1ko2TfI3okCWsQbh:+NO2WYAqLetQK8hCisScyQ7s4
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-