General
-
Target
0fde9e8fc25981ecfa8b50415b78ed0b61daa5b224bfcc2f0afea6e9c40097f1.exe
-
Size
985KB
-
Sample
240605-sz9qjsbg86
-
MD5
f9c728c1291940d7c9434b90fafab1e7
-
SHA1
317de5cea87244d26eab28492f94e3d4510d0d59
-
SHA256
0fde9e8fc25981ecfa8b50415b78ed0b61daa5b224bfcc2f0afea6e9c40097f1
-
SHA512
d252589462f756ec5b11ce9416e62e37e55b0d080cc88741c73588fea9f933b795c0319ddcc4b93bb0763539e65255162f188806c58283470ad70a984630456f
-
SSDEEP
24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaqFWbtZn8I5:eh+ZkldoPK8YaqcZdz
Malware Config
Extracted
lokibot
http://giampaolidolciaria.cfd/DV2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0fde9e8fc25981ecfa8b50415b78ed0b61daa5b224bfcc2f0afea6e9c40097f1.exe
-
Size
985KB
-
MD5
f9c728c1291940d7c9434b90fafab1e7
-
SHA1
317de5cea87244d26eab28492f94e3d4510d0d59
-
SHA256
0fde9e8fc25981ecfa8b50415b78ed0b61daa5b224bfcc2f0afea6e9c40097f1
-
SHA512
d252589462f756ec5b11ce9416e62e37e55b0d080cc88741c73588fea9f933b795c0319ddcc4b93bb0763539e65255162f188806c58283470ad70a984630456f
-
SSDEEP
24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaqFWbtZn8I5:eh+ZkldoPK8YaqcZdz
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-