General
-
Target
8dd83883d8daee30f21adb85cff72ca768a80559820dd1770399c3f5c86f52ef.zip
-
Size
798KB
-
Sample
230321-rz6s8adc81
-
MD5
d81f56da11a8ee1aa8f4a91fac5fad7d
-
SHA1
fba599c0a3375f9e07ed1e603bb073b82738a742
-
SHA256
c6e9fd457ac9a255f6b2fd684fb0f04349664366df6ea3dba5a6449bac54af7c
-
SHA512
951c621751423443a2d4d454c3ee0f7e7de993a060f99a5a035a2eb86e1893f2a0ba541cc1e2456cc2712707d7afe41c8973707a81a4c24cb6fedcfaa9a52dea
-
SSDEEP
24576:OhSsyJBaYBjJDD9J7EylPoGg0UiSVOqnIc:YoBJB5D9J4aZ3c
Malware Config
Extracted
lokibot
http://171.22.30.164/kung/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8dd83883d8daee30f21adb85cff72ca768a80559820dd1770399c3f5c86f52ef.exe
-
Size
981KB
-
MD5
d528fdd2fae1e4f0c01ce1ad1e0a7cfd
-
SHA1
6cd09f12f43e69594e2d049c0435c123316d4308
-
SHA256
8dd83883d8daee30f21adb85cff72ca768a80559820dd1770399c3f5c86f52ef
-
SHA512
b7f2d2752f97664faeb42ab588396795096ce13545397306c2db979ef06a95138c7200a6ce25bf6862ac1bd45966e4ddb743be561cd06f71d9698859ed644ac8
-
SSDEEP
12288:N3NWNXazC4s95aM7U/N8LnBJF9Fvj1aYKIEk6g5UY5FM3MFH5r4uDYhStl:Ir5Hk8LnBXTr8YlEIUY5FM3hu0hSt
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-