General
-
Target
85b290b96ca4f8961e4782cce593270116d246dbd243c3eb2b4121542cae8e71.exe
-
Size
491KB
-
Sample
240618-v8bafsxfjp
-
MD5
1a5ac349e153a9e2927c8f8e13512942
-
SHA1
428d38db93636fcdba6d3ecc81cd1a87da4fb8fe
-
SHA256
85b290b96ca4f8961e4782cce593270116d246dbd243c3eb2b4121542cae8e71
-
SHA512
6006ecc131a03aa6d0f294677f2b07d1811b9600d3c4839c03fecaeafe6740bd5b47b92e49b5e78c526f821c96988190fdca3d14444982b74e5a20b4b93430c2
-
SSDEEP
12288:3Kz/iFIsPAb/z/gPhtEnBNU8kvKQ4RYHLVfnGICwMj+ABq/:6zkIKybuirULB4KZB3MqAI
Malware Config
Extracted
lokibot
http://104.248.205.66/index.php/882842611
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
85b290b96ca4f8961e4782cce593270116d246dbd243c3eb2b4121542cae8e71.exe
-
Size
491KB
-
MD5
1a5ac349e153a9e2927c8f8e13512942
-
SHA1
428d38db93636fcdba6d3ecc81cd1a87da4fb8fe
-
SHA256
85b290b96ca4f8961e4782cce593270116d246dbd243c3eb2b4121542cae8e71
-
SHA512
6006ecc131a03aa6d0f294677f2b07d1811b9600d3c4839c03fecaeafe6740bd5b47b92e49b5e78c526f821c96988190fdca3d14444982b74e5a20b4b93430c2
-
SSDEEP
12288:3Kz/iFIsPAb/z/gPhtEnBNU8kvKQ4RYHLVfnGICwMj+ABq/:6zkIKybuirULB4KZB3MqAI
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-