General
-
Target
5d7892602bc9f05c7978d801dba9300c0507222b48fc2f447a3c472f74d0b0f9.exe
-
Size
763KB
-
Sample
240517-p1qghshg6y
-
MD5
be7cb2cb86c8d45e46fc019318108e3e
-
SHA1
32de5bd28d2f4510e88154f639934495c5344837
-
SHA256
5d7892602bc9f05c7978d801dba9300c0507222b48fc2f447a3c472f74d0b0f9
-
SHA512
ce2dca22e5d85e261c82d3ae67bda56c5415df637c64aa99bf329d7d09d73f5571c62704582d30f0f06e587e0adafc744346ac4d2d34ffc2c523160942d3f701
-
SSDEEP
12288:F0pei36RBRI5/OJZd08Xa0AxdrxqAkYzMTM3YxVmuFAMvP7r9r/+pppppppppppP:Kpp36jygd08Xanxd1qADzMTOiIuC01q
Malware Config
Extracted
lokibot
http://164.90.149.46/index.php/check.php?s=1
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
5d7892602bc9f05c7978d801dba9300c0507222b48fc2f447a3c472f74d0b0f9.exe
-
Size
763KB
-
MD5
be7cb2cb86c8d45e46fc019318108e3e
-
SHA1
32de5bd28d2f4510e88154f639934495c5344837
-
SHA256
5d7892602bc9f05c7978d801dba9300c0507222b48fc2f447a3c472f74d0b0f9
-
SHA512
ce2dca22e5d85e261c82d3ae67bda56c5415df637c64aa99bf329d7d09d73f5571c62704582d30f0f06e587e0adafc744346ac4d2d34ffc2c523160942d3f701
-
SSDEEP
12288:F0pei36RBRI5/OJZd08Xa0AxdrxqAkYzMTM3YxVmuFAMvP7r9r/+pppppppppppP:Kpp36jygd08Xanxd1qADzMTOiIuC01q
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-