General
-
Target
65049427267cd26f04b82adc800345c8c2c4471e4797937830825aaa68ed7b41.exe
-
Size
581KB
-
Sample
240523-a4d6bsfb91
-
MD5
5fefd5fdf8bb0e0aa678d91fe928f7b2
-
SHA1
c5f49e19b4d215fdd9b37ad8cda6cd95c2e77002
-
SHA256
65049427267cd26f04b82adc800345c8c2c4471e4797937830825aaa68ed7b41
-
SHA512
5aa0e1c40f7cd469b9d81ff418bc6fc3865fef9aad1ccb640a994675221a3375e7591174d209348dd5df7fbf13d0edfa4fd3dfd583c2d398bf23ca77ba694c10
-
SSDEEP
12288:YPWET/mr9KhO9k8vW8kgTr2W7a8ZQ9W24XxnAAdgzDjbZkR:YPWtNW8vW8k9X8ZeBO9AugnnE
Malware Config
Extracted
lokibot
http://45.61.137.215/index.php/6790
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
65049427267cd26f04b82adc800345c8c2c4471e4797937830825aaa68ed7b41.exe
-
Size
581KB
-
MD5
5fefd5fdf8bb0e0aa678d91fe928f7b2
-
SHA1
c5f49e19b4d215fdd9b37ad8cda6cd95c2e77002
-
SHA256
65049427267cd26f04b82adc800345c8c2c4471e4797937830825aaa68ed7b41
-
SHA512
5aa0e1c40f7cd469b9d81ff418bc6fc3865fef9aad1ccb640a994675221a3375e7591174d209348dd5df7fbf13d0edfa4fd3dfd583c2d398bf23ca77ba694c10
-
SSDEEP
12288:YPWET/mr9KhO9k8vW8kgTr2W7a8ZQ9W24XxnAAdgzDjbZkR:YPWtNW8vW8k9X8ZeBO9AugnnE
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-