General
-
Target
2052-12-0x0000000004400000-0x00000000044A2000-memory.dmp
-
Size
648KB
-
Sample
240517-leb58abe61
-
MD5
a9ba23b7951a7ea7528ec8cd1616dbb3
-
SHA1
22004c3ebd79e2974cbf31b6e02adba555b8db6f
-
SHA256
c60350079346760c4d41fdea5c255689221a2c6edcab364c3f752d35fab11129
-
SHA512
2d569a87501654845a88027e6846dd663f2364d3c0a8f9de2339a8404863fbed61aef544aa32851d6005f8bffe05b67439ba79e9da4d1771d41c9dbf13fc2e97
-
SSDEEP
3072:nSHIG6mQwGmfOQd8YhY0/EqUGQx8K0D3uhiu6w2P4/F42Js5vlEL8P:ncd6bUfFdXThU142J+28P
Malware Config
Extracted
lokibot
http://sempersim.su/d2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2052-12-0x0000000004400000-0x00000000044A2000-memory.dmp
-
Size
648KB
-
MD5
a9ba23b7951a7ea7528ec8cd1616dbb3
-
SHA1
22004c3ebd79e2974cbf31b6e02adba555b8db6f
-
SHA256
c60350079346760c4d41fdea5c255689221a2c6edcab364c3f752d35fab11129
-
SHA512
2d569a87501654845a88027e6846dd663f2364d3c0a8f9de2339a8404863fbed61aef544aa32851d6005f8bffe05b67439ba79e9da4d1771d41c9dbf13fc2e97
-
SSDEEP
3072:nSHIG6mQwGmfOQd8YhY0/EqUGQx8K0D3uhiu6w2P4/F42Js5vlEL8P:ncd6bUfFdXThU142J+28P
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-