General
-
Target
e1af09d38e802edf8052a97e2e7a66e6420dbe4a33e1984090d41885211250be.exe
-
Size
973KB
-
Sample
240523-clme4aaa3x
-
MD5
e3bf0f83e5924c6dd863c7875598c96e
-
SHA1
3844bf4a91b809b5af49e48ff76d9487f2a4efe5
-
SHA256
e1af09d38e802edf8052a97e2e7a66e6420dbe4a33e1984090d41885211250be
-
SHA512
980b688078d151814637d188f6bab6e255504698b91c8535a525505a31e6ae372a183f08e598f5578812bd8f88b2f50df9aa3b9faf680edb39c0058c77dd6708
-
SSDEEP
24576:sAHnh+eWsN3skA4RV1Hom2KXMmHaDBjOdgAHq6B5:Lh+ZkldoPK8YaDagAv
Malware Config
Extracted
lokibot
http://sempersim.su/d5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e1af09d38e802edf8052a97e2e7a66e6420dbe4a33e1984090d41885211250be.exe
-
Size
973KB
-
MD5
e3bf0f83e5924c6dd863c7875598c96e
-
SHA1
3844bf4a91b809b5af49e48ff76d9487f2a4efe5
-
SHA256
e1af09d38e802edf8052a97e2e7a66e6420dbe4a33e1984090d41885211250be
-
SHA512
980b688078d151814637d188f6bab6e255504698b91c8535a525505a31e6ae372a183f08e598f5578812bd8f88b2f50df9aa3b9faf680edb39c0058c77dd6708
-
SSDEEP
24576:sAHnh+eWsN3skA4RV1Hom2KXMmHaDBjOdgAHq6B5:Lh+ZkldoPK8YaDagAv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-