General
-
Target
INVOICE.exe
-
Size
3.0MB
-
Sample
240612-qsdy7azfqj
-
MD5
6d20693d0cae3cb145a010abb1b07f7d
-
SHA1
17c40f1f006846f2e8b99cb822a9b3f261103be9
-
SHA256
97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe
-
SHA512
bb7a05bd8d6847a7b5b92bef0fcc7aff2a21103666bdce098093cd9e4a45f649feb60e412e0a9fbb2d80b7b2e7f197aabca8af61207bd994ba51d014eabaeca7
-
SSDEEP
49152:m8yJAk206NICMq5pzKRgqVzKjqgF931wmz:hBsZq
Malware Config
Extracted
lokibot
http://45.61.136.239/index.php/9460648709801952970
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
INVOICE.exe
-
Size
3.0MB
-
MD5
6d20693d0cae3cb145a010abb1b07f7d
-
SHA1
17c40f1f006846f2e8b99cb822a9b3f261103be9
-
SHA256
97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe
-
SHA512
bb7a05bd8d6847a7b5b92bef0fcc7aff2a21103666bdce098093cd9e4a45f649feb60e412e0a9fbb2d80b7b2e7f197aabca8af61207bd994ba51d014eabaeca7
-
SSDEEP
49152:m8yJAk206NICMq5pzKRgqVzKjqgF931wmz:hBsZq
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-