General
Target
b1539e59786b84f24711199a82842c938d252433164a437d0fc2f0b9a9517077.ace
Size
51KB
Sample
240716-x1l34awdmr
MD5
ed99d51b1e13d050257974ec8009cbc4
SHA1
2fdb7d8bdc352b4aa316804f0c5af9bb52c83738
SHA256
b1539e59786b84f24711199a82842c938d252433164a437d0fc2f0b9a9517077
SHA512
5bd7258978a793cd3978c78dd7c6d1a76a75af48667ce8945e7d603f26373843758b88ca275ea9919ae3b4e61e886eda774d64a1a4dfc7d2257fded25a557889
SSDEEP
768:NllW7eNO8Z/l+u0BwaHrkTdD+hpM/m3Dmo+jtHmXBleHyEPEG47+7FXJ+h1Bip7:Nl47bW/t0BUgTmoQHO7eHFPNBwhCV
Static task
static1
Behavioral task
behavioral1
Sample
AWD_Doc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
AWD_Doc.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
lokibot
http://104.248.205.66/index.php/file.php?an=74870072817
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
AWD_Doc.exe
Size
139KB
MD5
ec80bb801f8113daf41d1b8e15fa8e2e
SHA1
292b792b1bd60b0a17aff237a8d8fc2f0aa1f09c
SHA256
83544a1f58caad71a03ed0f6e99f787e23ff20229f0a4c03622797fe62843a1b
SHA512
797f6047ac736042bf081e55cf04f86a97abe444609b91f4c7fe14aa477b0f8a86c6c8f17a0f3de340bd5193b5a6fe94f71ce26f3e9d1d7a0b53c0d5410c06ff
SSDEEP
1536:JXEYsHcKIiGuxVlPTGEDnFCma93EtMkj+WL17h9B4OJY51NjDRWtPOW5vAQktlGZ:CFlkmnjil3Cf54Qm8r0DoOuae4/I
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext