General
-
Target
no'lu Siparişiniz 1631807020mvQB5 150adet....pdf.exe
-
Size
747KB
-
Sample
230921-q6x9zsad27
-
MD5
f63d3e8c6f35792f8684966711fecb06
-
SHA1
a218c89d0086523e1411ce36bf52f1f1c37bced3
-
SHA256
1138eda5d851ed987bd7631c9a12c8b463b577fa42b2602539574a586a5a90a1
-
SHA512
8bbca3bf8e3fd7b920173ef7d263107f923ace959385b297fd4dd802897c74d507ddeeaad3825cbb86fd5e9ff1825bf1102ee1021c2a0906edcba5fa23927de9
-
SSDEEP
12288:ah1Lk70TnvjcXg7XU+GM6xyivcp/aUBXeWh2RmioCCRtA:ek70TrcXg7X0M6MdaUAWURmRCCRt
Malware Config
Extracted
lokibot
http://ugopounds.caesarsgroup.top/_errorpages/ugopounds/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
no'lu Siparişiniz 1631807020mvQB5 150adet....pdf.exe
-
Size
747KB
-
MD5
f63d3e8c6f35792f8684966711fecb06
-
SHA1
a218c89d0086523e1411ce36bf52f1f1c37bced3
-
SHA256
1138eda5d851ed987bd7631c9a12c8b463b577fa42b2602539574a586a5a90a1
-
SHA512
8bbca3bf8e3fd7b920173ef7d263107f923ace959385b297fd4dd802897c74d507ddeeaad3825cbb86fd5e9ff1825bf1102ee1021c2a0906edcba5fa23927de9
-
SSDEEP
12288:ah1Lk70TnvjcXg7XU+GM6xyivcp/aUBXeWh2RmioCCRtA:ek70TrcXg7X0M6MdaUAWURmRCCRt
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-