General
-
Target
fabb9cedf115627ea43633dc8f064ddf8bf660036d0f5743ef0dada4b983db4a.exe
-
Size
96KB
-
Sample
240515-chdzjsca4s
-
MD5
95574990294038735668bcbcbc901f8e
-
SHA1
368d52901d5dd8caeac8b0cbdd7086952ec3fd1c
-
SHA256
fabb9cedf115627ea43633dc8f064ddf8bf660036d0f5743ef0dada4b983db4a
-
SHA512
f96ca75aee0fb9c922743532402f114def45474c0b46eda438a5d895f0c6181eaac7a4002e6007fd1d4b433ce90d7f8bd35018a7b0d470204208906a1da0bbea
-
SSDEEP
1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqcIzmd:hSHIG6mQwGmfOQd8YhY0/E1UG
Behavioral task
behavioral1
Sample
fabb9cedf115627ea43633dc8f064ddf8bf660036d0f5743ef0dada4b983db4a.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
fabb9cedf115627ea43633dc8f064ddf8bf660036d0f5743ef0dada4b983db4a.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://tampabayllc.top/teamb/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
fabb9cedf115627ea43633dc8f064ddf8bf660036d0f5743ef0dada4b983db4a.exe
-
Score
10/10
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-