General
Target: 3d30de5fd4e266cba3c7ea595863f7389610d0adc5b62fad362d2eb105d8d4d2
Size: 547KB
Sample: 240602-ztbpwsfh85
MD5: 570b9a59b63ca34257fa7711c5ffb311
SHA1: 9c7c435dd7514f733d948c2363bc5215b4e908a3
SHA256: 3d30de5fd4e266cba3c7ea595863f7389610d0adc5b62fad362d2eb105d8d4d2
SHA512: 6961bece03deb2786d737f3007b460998f013ab4a2931f2d7f75f4f2e3695b050f640c6588d9342517d8c55b620315711b3ca70485bb2e266ed2953561c6d375
SSDEEP: 12288:n/BPJwKcIrPLQBm0waUv2ZtyH1KgLrPHxsY4ZtXE2KkR:/BhcgQBm0wetioOGbtXE2J
Static task: static1
Behavioral task: behavioral1
Sample: 3d30de5fd4e266cba3c7ea595863f7389610d0adc5b62fad362d2eb105d8d4d2.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3d30de5fd4e266cba3c7ea595863f7389610d0adc5b62fad362d2eb105d8d4d2.exe
Resource: win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://45.61.137.215/index.php/6790
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 3d30de5fd4e266cba3c7ea595863f7389610d0adc5b62fad362d2eb105d8d4d2
Score: 10/10
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Detects executables containing common artifacts observed in infostealers
Detects executables referencing many file transfer clients. Observed in information stealers
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext