General
-
Target
2c4708cd6157b24e97e1042e2b17714d
-
Size
1.6MB
-
Sample
231225-tp7c4sfea7
-
MD5
2c4708cd6157b24e97e1042e2b17714d
-
SHA1
eaa1151ce043c19f7e2392644fb68cdc8334d60f
-
SHA256
8942edf3d687cf7a5229641f19ff22fbe247038ffa5aa5c041ab8c1802f7f738
-
SHA512
09013f3f416873a839ef444c753f6efc0ec36e6b26cbe50b9d6f1262818072d874e3ee33f2ac1d1d1288f6b45165df4870d4b03831ca798ac1d680598c476df8
-
SSDEEP
24576:/tb20pkaCqT5TBWgNQ7assLSFV4wfQI9jXQEQ9Z3nv+jedfH4qi+ve1F/uev6A:8Vg5tQ7assLgKebC9ZXemFhve19u85
Malware Config
Extracted
lokibot
http://141.105.71.126/oss/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2c4708cd6157b24e97e1042e2b17714d
-
Size
1.6MB
-
MD5
2c4708cd6157b24e97e1042e2b17714d
-
SHA1
eaa1151ce043c19f7e2392644fb68cdc8334d60f
-
SHA256
8942edf3d687cf7a5229641f19ff22fbe247038ffa5aa5c041ab8c1802f7f738
-
SHA512
09013f3f416873a839ef444c753f6efc0ec36e6b26cbe50b9d6f1262818072d874e3ee33f2ac1d1d1288f6b45165df4870d4b03831ca798ac1d680598c476df8
-
SSDEEP
24576:/tb20pkaCqT5TBWgNQ7assLSFV4wfQI9jXQEQ9Z3nv+jedfH4qi+ve1F/uev6A:8Vg5tQ7assLgKebC9ZXemFhve19u85
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-