General
-
Target
113c44dd9cf4851f50c0f9ba93877f52
-
Size
1.1MB
-
Sample
231230-hef8dsfge6
-
MD5
113c44dd9cf4851f50c0f9ba93877f52
-
SHA1
2c79f70c4a65d46531251139980d2b9f49e1bb0c
-
SHA256
c905a0a831f688e4262c1ed829f22a286a47de8bbf954bd743f0173d58663cb1
-
SHA512
5a6fa085c608c13f6b1c2b99d18556e1a386b593846f5b66cc9fe04ece4c4377bfb91604a543a97bccccf9ec3f62e4aacc953c1d1eb0cb38e0be20953bbc1e4f
-
SSDEEP
24576:qmJHlFYyblhB4H2u6N4RXcUoVzf/u08sVP:hyK1nw1Enuq
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/hEK4b4C6XDxEd
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
113c44dd9cf4851f50c0f9ba93877f52
-
Size
1.1MB
-
MD5
113c44dd9cf4851f50c0f9ba93877f52
-
SHA1
2c79f70c4a65d46531251139980d2b9f49e1bb0c
-
SHA256
c905a0a831f688e4262c1ed829f22a286a47de8bbf954bd743f0173d58663cb1
-
SHA512
5a6fa085c608c13f6b1c2b99d18556e1a386b593846f5b66cc9fe04ece4c4377bfb91604a543a97bccccf9ec3f62e4aacc953c1d1eb0cb38e0be20953bbc1e4f
-
SSDEEP
24576:qmJHlFYyblhB4H2u6N4RXcUoVzf/u08sVP:hyK1nw1Enuq
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-