General
-
Target
Products Order.exe
-
Size
757KB
-
Sample
240516-nt6pgsbc82
-
MD5
ab09f11ddb556069549717cc1f37fdc1
-
SHA1
e4cba5e88d12df5f9b0eb1dab978b48d63f6b57b
-
SHA256
6946d0d3322995d1c4a8f407b8a627e37644dcc4ddef07b97167f9a4e57b0ee1
-
SHA512
c85c518d4216cb9316f96d70240093f4193e5817d761623371f9d6cb011c6d2cb2b8c78162bde04e46baa3add624bdb87c9a506eff97326a34b6a271192f34ba
-
SSDEEP
3072:dYbDPtd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+lEEUMIbhp:2BjkbNNhNHG+96+ixbcdWtoBr
Malware Config
Extracted
lokibot
http://45.90.57.51/big/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Products Order.exe
-
Size
757KB
-
MD5
ab09f11ddb556069549717cc1f37fdc1
-
SHA1
e4cba5e88d12df5f9b0eb1dab978b48d63f6b57b
-
SHA256
6946d0d3322995d1c4a8f407b8a627e37644dcc4ddef07b97167f9a4e57b0ee1
-
SHA512
c85c518d4216cb9316f96d70240093f4193e5817d761623371f9d6cb011c6d2cb2b8c78162bde04e46baa3add624bdb87c9a506eff97326a34b6a271192f34ba
-
SSDEEP
3072:dYbDPtd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+lEEUMIbhp:2BjkbNNhNHG+96+ixbcdWtoBr
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-