General
-
Target
b3596b91d43f22d58cf7875c3af5659e98c7479b88ec1e165d8d3b6ddddfb0d8.exe
-
Size
1.1MB
-
Sample
240726-fy99gayclm
-
MD5
9a790971ac906778fa30c8be5127aac1
-
SHA1
bfbcc3ef1c20cd8d438352dc4a829fba10f116e3
-
SHA256
b3596b91d43f22d58cf7875c3af5659e98c7479b88ec1e165d8d3b6ddddfb0d8
-
SHA512
319bbbd5e996fe7989319fdade75a74710b5884439a0349ccffc7751d9529a2fb4201cabdde62c30cccac1ef1f4ef71a2eb6bc324583ee2cfacdffa55c019fa7
-
SSDEEP
24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aLF/IcUuJ94fdFc:oTvC/MTQYxsWR7aLFRUuiF
Malware Config
Extracted
lokibot
http://sempersim.su/c3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
b3596b91d43f22d58cf7875c3af5659e98c7479b88ec1e165d8d3b6ddddfb0d8.exe
-
Size
1.1MB
-
MD5
9a790971ac906778fa30c8be5127aac1
-
SHA1
bfbcc3ef1c20cd8d438352dc4a829fba10f116e3
-
SHA256
b3596b91d43f22d58cf7875c3af5659e98c7479b88ec1e165d8d3b6ddddfb0d8
-
SHA512
319bbbd5e996fe7989319fdade75a74710b5884439a0349ccffc7751d9529a2fb4201cabdde62c30cccac1ef1f4ef71a2eb6bc324583ee2cfacdffa55c019fa7
-
SSDEEP
24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aLF/IcUuJ94fdFc:oTvC/MTQYxsWR7aLFRUuiF
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-