General
-
Target
197580bd418757b1c3483784384834f3427c08cbd8e6379fb26469078ef885b3_JC.rar
-
Size
133KB
-
Sample
230831-yldc3saa72
-
MD5
8f9d67bfe681efd632e8766722b4ddca
-
SHA1
869d541712fdafea22562e0e413c69efcac82142
-
SHA256
197580bd418757b1c3483784384834f3427c08cbd8e6379fb26469078ef885b3
-
SHA512
fba6332dbcbe0af27f8ecec80eacc88624cc57e11a28ca9ec8934ec2af594275b444aa369eb4bcfbfa24b893970f1f934e4ad174b3cacff4effcd8e853bc7e69
-
SSDEEP
3072:FK45sY4VjYuf2Gta4mVwxX9bmeIL1goTtpO+cbOTMs:FK4uY4hY3GY4mVQzImvlbGZ
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
Purchase Order.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
lokibot
http://163.123.143.202/_errorpages/collins/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
Purchase Order.exe
-
Size
319KB
-
MD5
e9cd22cee00736e60274f0c37dea8a8d
-
SHA1
24ff62055e9a96c72b9ef21059c2d32b99c42029
-
SHA256
ee4d55ed48986a573bb735f1c3c4a36ab8601ea3b9fe207d406effd1a74314f6
-
SHA512
b906bd3f9c1d0a15db334d4bb5f9dfe8dbc97d74bfa71d1fe030a913943afb0930e2a2a67db3b2b0e97932f92367649676479a0a158cff19500a58b901c65af6
-
SSDEEP
6144:aGXkalIr6gre9NPk74P4Zp/o/C3oveHUKUKs2bFWh/eWo:aGXka6pelPIp/o7d/N
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-