General
-
Target
541bb6e026f837faa2b64b31b0a2ec0c
-
Size
814KB
-
Sample
231226-e3f1radehk
-
MD5
541bb6e026f837faa2b64b31b0a2ec0c
-
SHA1
1cd6d3ceae4177bba8add5ef473b80edb6bc55d3
-
SHA256
b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153
-
SHA512
2c880847e2fbf0f221eeae08c8997ad9b36c8f32e00d93ca3fdf9283bf895160378f3839770643353bb2fdccf7a529f02040881efef7d5cb2b91732c66ccede9
-
SSDEEP
12288:hYL32wyvUIZbVlBPI2VBPSUK2p6DL9HDzr5sb56uOtisxndPkMRx/TlobC9lqQr:hvDBlBPIOBPS9hL9jzFOOEyd5TGv
Malware Config
Extracted
lokibot
http://192.236.179.121/new/zubby/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
541bb6e026f837faa2b64b31b0a2ec0c
-
Size
814KB
-
MD5
541bb6e026f837faa2b64b31b0a2ec0c
-
SHA1
1cd6d3ceae4177bba8add5ef473b80edb6bc55d3
-
SHA256
b916cd21d5759f9c2e98aed2297b0d2f0201f8390347856b37e493e808132153
-
SHA512
2c880847e2fbf0f221eeae08c8997ad9b36c8f32e00d93ca3fdf9283bf895160378f3839770643353bb2fdccf7a529f02040881efef7d5cb2b91732c66ccede9
-
SSDEEP
12288:hYL32wyvUIZbVlBPI2VBPSUK2p6DL9HDzr5sb56uOtisxndPkMRx/TlobC9lqQr:hvDBlBPIOBPS9hL9jzFOOEyd5TGv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-