General
-
Target
tmp
-
Size
213KB
-
Sample
230328-n7atzaah42
-
MD5
1184127cec87d9bce7565f9499eccc69
-
SHA1
7febe24909ec91c066ce6955bf96ead3ab619d9b
-
SHA256
3a1b720f24bfe9a18b5183e3482a50230c33260f5135c99f0581ed8d9a605436
-
SHA512
0a4e98210b4972ea5446bafb4ff71bc7ba0d949416bbddecc8dc5324d6d569b4fd1ab6ad280e9a817fc452349ae149dd3ea3c3d99637132fac7a1a0b31c631ba
-
SSDEEP
3072:qZst70po84o1CIhIBFu6yP0p5S+9UlNUmda0g8Z5zdXAbQmi:iofo1Y/u6yP0p519UlWYfg8Zp98QN
Malware Config
Extracted
lokibot
https://sempersim.su/ha19/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
tmp
-
Size
213KB
-
MD5
1184127cec87d9bce7565f9499eccc69
-
SHA1
7febe24909ec91c066ce6955bf96ead3ab619d9b
-
SHA256
3a1b720f24bfe9a18b5183e3482a50230c33260f5135c99f0581ed8d9a605436
-
SHA512
0a4e98210b4972ea5446bafb4ff71bc7ba0d949416bbddecc8dc5324d6d569b4fd1ab6ad280e9a817fc452349ae149dd3ea3c3d99637132fac7a1a0b31c631ba
-
SSDEEP
3072:qZst70po84o1CIhIBFu6yP0p5S+9UlNUmda0g8Z5zdXAbQmi:iofo1Y/u6yP0p519UlWYfg8Zp98QN
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-