General
-
Target
16545904726.zip
-
Size
556KB
-
Sample
240410-lv15aaed6s
-
MD5
f4f2b565a74e82ded19e4c48c3947116
-
SHA1
ce8ce23e48f8508dc5035415b46b4560cd4cc3f6
-
SHA256
28a89d8404b100ed317bb7d35cf4a5bf8a16fc9ac72c9fed759699bef27bfdef
-
SHA512
28ed2f4478b27264097c585102a3864f7ccba68b5072e91b8d1edebe9ae36c612e1d4e019c7add3073d55a256bfe6cfa3812f13e906b38ca3d7cc8bb750f0468
-
SSDEEP
12288:a7Ih/1mQ0Ls94NU3tMujvAwrbZmeMpg4IrvgLav:0dseUxAwHZmXpg4IrvgLE
Malware Config
Extracted
lokibot
https://dsbr.cam/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
110fcb9a9e48e281e77816e04352ac0491d70cd60b439e1773c61adc5a5b5332
-
Size
1.1MB
-
MD5
71564efb008216103fc9facc1200d9b2
-
SHA1
11b84c29a52b4fc7406551b36cb0ae644479a50e
-
SHA256
110fcb9a9e48e281e77816e04352ac0491d70cd60b439e1773c61adc5a5b5332
-
SHA512
1dc9148850b2007ef853584dff7158aaa71819a00ddc0e9bcc04c237fcc79f488d4ed7e04cfe786ba0bab067d9aaf9c7af597f1c85150b1cc2e923dcdcbbd364
-
SSDEEP
24576:+2nJdiAsU5aQevGlHxmR7kYyqKTHVZ7Dnku/Y+3X3BqtF4QpwV:dnJdik8QevGZxSkYyqKX7DW+3nfV
Score10/10-
Detect ZGRat V1
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-