General
-
Target
97a3313357020aa0cda6addb7bd2015cc52f67dcde4c75f4d89f9f4d76f17b04
-
Size
497KB
-
Sample
240508-lky7yaea5t
-
MD5
86c88ab317956ee1d35b5802845de055
-
SHA1
7fa40da683832dc76d91722f45de061e15103beb
-
SHA256
97a3313357020aa0cda6addb7bd2015cc52f67dcde4c75f4d89f9f4d76f17b04
-
SHA512
07f015a94eece0645e6532e238b2aed4658ac1636e875d9e675611297913556aba2ae911a70c00527432b8632ca72ba84433c0be3fe9bd327b18d5b2601100d3
-
SSDEEP
12288:prX0oLtyfYW/PgFMeouMeJm99hecws1+r56:pYg8fYeoFMeouzJ+95f8
Malware Config
Extracted
lokibot
http://178.128.238.137/index.php/4988
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
97a3313357020aa0cda6addb7bd2015cc52f67dcde4c75f4d89f9f4d76f17b04
-
Size
497KB
-
MD5
86c88ab317956ee1d35b5802845de055
-
SHA1
7fa40da683832dc76d91722f45de061e15103beb
-
SHA256
97a3313357020aa0cda6addb7bd2015cc52f67dcde4c75f4d89f9f4d76f17b04
-
SHA512
07f015a94eece0645e6532e238b2aed4658ac1636e875d9e675611297913556aba2ae911a70c00527432b8632ca72ba84433c0be3fe9bd327b18d5b2601100d3
-
SSDEEP
12288:prX0oLtyfYW/PgFMeouMeJm99hecws1+r56:pYg8fYeoFMeouzJ+95f8
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-