General
-
Target
386e207d9e5d4cf9c0b19777baf11453dc49d344a40638f4e0258649610fe095.exe
-
Size
1.0MB
-
Sample
240628-bnjasavhrp
-
MD5
43aa439728e895604786378cc1cc9577
-
SHA1
c483d8f082b5061b97696a2e38dc14189d3ad2e2
-
SHA256
386e207d9e5d4cf9c0b19777baf11453dc49d344a40638f4e0258649610fe095
-
SHA512
72a41af5dd1f427fa74b8ef8016249c053984f15b12af2a5ce922bc963f39a19bad6586d65008977172edf0359d632962ccc50ea1c3d9a441f6e12e0c628a63d
-
SSDEEP
12288:uoGT3z4k+MdFrxnRBfKW8tO40OwYuyhVWg:uNzk3MdFtRBf94og
Static task
static1
Behavioral task
behavioral1
Sample
386e207d9e5d4cf9c0b19777baf11453dc49d344a40638f4e0258649610fe095.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
386e207d9e5d4cf9c0b19777baf11453dc49d344a40638f4e0258649610fe095.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
lokibot
http://andrebadi.top/ugopounds/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Score
10/10
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables containing common artifacts observed in infostealers
-
Detects executables packed with or using KoiVM
-
Detects executables referencing many file transfer clients. Observed in information stealers
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-