General
-
Target
Payment-Receipt.exe
-
Size
835KB
-
Sample
240514-s7lzfsdd87
-
MD5
ec6570ba3ecd5ce8ec00e775eebe3872
-
SHA1
e449ffc0d43aad5dea985ddb2ae506a28e548f88
-
SHA256
bf69d7e6dc53d7406f9ca42a77aab58d4fab67d8c0778f71efc77a9fb653e4c9
-
SHA512
9cefd277e30b232bc661826cf0361d8b0f028378002112b114123ad92317cc610425add500a6858367de7aa60599092d9641eb0af1b58fd16850a970fd6001f8
-
SSDEEP
12288:Ftzd+m39dkAf5YSyBThO6QEJ7KJajLYDcks2qIUtd88ZAFfhAR/e4Fkf:FthkszyqFYKqYHMIN8iFZARG4U
Malware Config
Extracted
lokibot
https://franccoisfreres.com/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Payment-Receipt.exe
-
Size
835KB
-
MD5
ec6570ba3ecd5ce8ec00e775eebe3872
-
SHA1
e449ffc0d43aad5dea985ddb2ae506a28e548f88
-
SHA256
bf69d7e6dc53d7406f9ca42a77aab58d4fab67d8c0778f71efc77a9fb653e4c9
-
SHA512
9cefd277e30b232bc661826cf0361d8b0f028378002112b114123ad92317cc610425add500a6858367de7aa60599092d9641eb0af1b58fd16850a970fd6001f8
-
SSDEEP
12288:Ftzd+m39dkAf5YSyBThO6QEJ7KJajLYDcks2qIUtd88ZAFfhAR/e4Fkf:FthkszyqFYKqYHMIN8iFZARG4U
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
UAC bypass
-
Windows security bypass
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-