General
-
Target
7EC7FB11EF3642DB00F72C811B4C651694B37AFEB4217.exe
-
Size
1.5MB
-
Sample
230804-jsn1tsaa96
-
MD5
d34daab77612f1c0ba5f08cd6f2e9093
-
SHA1
0449e18dc35448f84b82a576479f73dff07df3ce
-
SHA256
7ec7fb11ef3642db00f72c811b4c651694b37afeb421742400d509d4dc57a756
-
SHA512
f68f062d843aeb6d64fa4e1cc619aec5cbe19452aaebb47be3a6832147cfbb805aebe8a7908487b9ffb59acd0c18af7c07f276ef1cf6e655ad2810829126f288
-
SSDEEP
24576:lyFnVEHPzacRa2/7EeiuYKFV74LCxWj56QLZc/X/zQv+uBNC3eCBNUy:lyG570PKzLwj56QLKf/0+iNC3V3
Malware Config
Extracted
lokibot
http://198.98.54.161/b25/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
7EC7FB11EF3642DB00F72C811B4C651694B37AFEB4217.exe
-
Size
1.5MB
-
MD5
d34daab77612f1c0ba5f08cd6f2e9093
-
SHA1
0449e18dc35448f84b82a576479f73dff07df3ce
-
SHA256
7ec7fb11ef3642db00f72c811b4c651694b37afeb421742400d509d4dc57a756
-
SHA512
f68f062d843aeb6d64fa4e1cc619aec5cbe19452aaebb47be3a6832147cfbb805aebe8a7908487b9ffb59acd0c18af7c07f276ef1cf6e655ad2810829126f288
-
SSDEEP
24576:lyFnVEHPzacRa2/7EeiuYKFV74LCxWj56QLZc/X/zQv+uBNC3eCBNUy:lyG570PKzLwj56QLKf/0+iNC3V3
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-