General
-
Target
tmp
-
Size
241KB
-
Sample
230606-kzs4ssdd7y
-
MD5
97af8aab7ebe33724a905b9bf06bc2ac
-
SHA1
26b502b3632902a1b29e3d21b532878aeaf843f5
-
SHA256
76ce8f223ea7ed7ea2f38c52e7d5cb7f58ddcee9e0f22aaa305ebecedd6cc248
-
SHA512
4b6ff42f40429997566cbbb40b93e8638685bd5109b4f9818e4e888bfa91f0264058c0da9fcf5c5ed8a4895a1c408b5aa773fb449c101891a988bd3e399637d0
-
SSDEEP
3072:Nf5ROU3cKNFO160IZO7AQshaf73Qd5C3z1l9O98rvPy9x+9hO+d:p5ROxKNFO160376AfTM5ChlvvPfr
Malware Config
Extracted
lokibot
http://171.22.30.164/okuman/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
tmp
-
Size
241KB
-
MD5
97af8aab7ebe33724a905b9bf06bc2ac
-
SHA1
26b502b3632902a1b29e3d21b532878aeaf843f5
-
SHA256
76ce8f223ea7ed7ea2f38c52e7d5cb7f58ddcee9e0f22aaa305ebecedd6cc248
-
SHA512
4b6ff42f40429997566cbbb40b93e8638685bd5109b4f9818e4e888bfa91f0264058c0da9fcf5c5ed8a4895a1c408b5aa773fb449c101891a988bd3e399637d0
-
SSDEEP
3072:Nf5ROU3cKNFO160IZO7AQshaf73Qd5C3z1l9O98rvPy9x+9hO+d:p5ROxKNFO160376AfTM5ChlvvPfr
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-