General
-
Target
bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347.exe
-
Size
164KB
-
Sample
240926-ct3gaavdqa
-
MD5
ed9fe2c20a68172921c064d0d9886b7b
-
SHA1
d892be8018cbc88b8cdd0db2338f643448630757
-
SHA256
bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347
-
SHA512
8fdaaedc9585e72ebfdb8ba85e79f52614d9b3626327ac882cc4a2f108ed71335e013b173a628cd83135f8806644f9af4ac1f7026a4a0ae71f12057534269160
-
SSDEEP
3072:OgX3OY/NPH8Aq+XdOeuohMvEuf555vyWd+9MtGGE0vWGNF7owCCx7/WgafCzg:WOLOAhLuhvyi6GTb8wCC5/Wgb
Malware Config
Extracted
lokibot
https://dddotx.shop/Mine/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347.exe
-
Size
164KB
-
MD5
ed9fe2c20a68172921c064d0d9886b7b
-
SHA1
d892be8018cbc88b8cdd0db2338f643448630757
-
SHA256
bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347
-
SHA512
8fdaaedc9585e72ebfdb8ba85e79f52614d9b3626327ac882cc4a2f108ed71335e013b173a628cd83135f8806644f9af4ac1f7026a4a0ae71f12057534269160
-
SSDEEP
3072:OgX3OY/NPH8Aq+XdOeuohMvEuf555vyWd+9MtGGE0vWGNF7owCCx7/WgafCzg:WOLOAhLuhvyi6GTb8wCC5/Wgb
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-