General
-
Target
af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63.exe
-
Size
123KB
-
Sample
240716-xszzzsyekd
-
MD5
800b20009891cb2ec6fb63d5f5cf7dd0
-
SHA1
cfe4ceddbd6a948e4c6b0689a1913ef484ea7f90
-
SHA256
af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63
-
SHA512
d40562458f0959aa587fdf677aed88c248b944e6161b474ef948712e9e16bd7a1b49f04564e7aa013bb99617f86c74a0d219c1ea0a7f038df692e151d0fe7fcf
-
SSDEEP
1536:d+9MPdi38jvG4IccspSxXTf2WN9+Zu4VqWwrLROPLYtxYTnboETB2xs7mo4b5B:PfBcsFWCS9OcwnEEqs7moOr
Malware Config
Extracted
lokibot
http://104.248.205.66/index.php/pages?s=1
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63.exe
-
Size
123KB
-
MD5
800b20009891cb2ec6fb63d5f5cf7dd0
-
SHA1
cfe4ceddbd6a948e4c6b0689a1913ef484ea7f90
-
SHA256
af0f04a8286675a6d734b602b8d79d50cf3a47bfaf25a2e9bd0f3c2ee0ed7b63
-
SHA512
d40562458f0959aa587fdf677aed88c248b944e6161b474ef948712e9e16bd7a1b49f04564e7aa013bb99617f86c74a0d219c1ea0a7f038df692e151d0fe7fcf
-
SSDEEP
1536:d+9MPdi38jvG4IccspSxXTf2WN9+Zu4VqWwrLROPLYtxYTnboETB2xs7mo4b5B:PfBcsFWCS9OcwnEEqs7moOr
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-