General
-
Target
6335e0e1aacc6c8b59b75922db82b6ddcb2d4346d0d362e84435b799f7c402d5
-
Size
485KB
-
Sample
240518-f5g69sdf9v
-
MD5
52f4a2248147259ec3bc9528e5f26497
-
SHA1
fc25ce058aea41ea8ecb77143c0a552243f3a6a1
-
SHA256
6335e0e1aacc6c8b59b75922db82b6ddcb2d4346d0d362e84435b799f7c402d5
-
SHA512
577a5f5d40db04dcd7233df21c432baa711ce4c1edc754eef7b2270463dcc5a7f4226c47280fe12f5b2ee2757172763a55e6f3e59e57c00314e3a7b7a6e23694
-
SSDEEP
12288:xOAbT2BqefhvfWpscJOuEZu73XoeAX1NRlN:xOAbTNsXNqdmXBlN
Malware Config
Extracted
lokibot
http://joanread.ru/decap/fred.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
984103921.exe
-
Size
1.1MB
-
MD5
cc0e716a78f512ca26dd846f26a7c266
-
SHA1
e27f9e14390b02babb20c041aec74a5327a6272d
-
SHA256
74a860b98c643e4472e85899e51ff0f7fe61eee086348028f9cc084b6980b7f9
-
SHA512
64a5a9c40f305a4487793fdffcb7fd51a0057ccfdd26b05b24e6ffb78b3c2a093f15cd4fc39257accd9db507ade8ea89fb73731bac9f54739a19a3282d58563d
-
SSDEEP
24576:IRZc8SBe+COgQOAp9FIKc1L4EjCLx2pFpsGep:IRZj+CNL4w82m
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-