General
-
Target
310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d.exe
-
Size
971KB
-
Sample
240606-rt11safd5x
-
MD5
b511b0274759a20e0e3ef09e8a8e7717
-
SHA1
60ef9a156c1e4845367a4ef2d9363ff1f0ae2636
-
SHA256
310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d
-
SHA512
849350c66ea07b808d2d6c36f4a9ff05009d8601e6d55e92e3c289211ca14a0902d815ba844977d234ddd446ec719498f05921b106aa202061176ac616fdb61b
-
SSDEEP
12288:ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgacTnH/ujAWYaEN6A:ytb20pkaCqT5TBWgNQ7asnH/+YjN6A
Malware Config
Extracted
lokibot
http://giampaolidolciaria.cfd/DV2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d.exe
-
Size
971KB
-
MD5
b511b0274759a20e0e3ef09e8a8e7717
-
SHA1
60ef9a156c1e4845367a4ef2d9363ff1f0ae2636
-
SHA256
310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d
-
SHA512
849350c66ea07b808d2d6c36f4a9ff05009d8601e6d55e92e3c289211ca14a0902d815ba844977d234ddd446ec719498f05921b106aa202061176ac616fdb61b
-
SSDEEP
12288:ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgacTnH/ujAWYaEN6A:ytb20pkaCqT5TBWgNQ7asnH/+YjN6A
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-