General
Target: 29092024_2329_26092024_Pirkuma pasūtījums_(PO410533)_TOLMETS.zip
Size: 146KB
Sample: 240929-3gqj3azdmc
MD5: f7878737e2bd48c2b7107aab2aea114a
SHA1: ada7b9c841e19fbb9fd98315e9705257ee75fd26
SHA256: c3a2e47f100f1ac23cd8bc86081f3ab6ecbfece6de83a26195a0adac04d5ed40
SHA512: caf6ba55f0fe1d50562f3513ec4759f415af5af72e86a3d8f8ff8519615a4b8a4b97e8e073538f7a9be1c59494fff2105f56d6fc453d77c7306bd381e8d89f63
SSDEEP: 3072:pZalIbxZba+aNelaVmnTlMxo15xCbv67csR+v6reNRiMB:qlIN8TxVsTKxI50G7vKIq
Static task: static1
Behavioral task: behavioral1
Sample: Pirkuma pasūtījums_(PO410533)_TOLMETS.exe
Resource: win7-20240708-en
Malware Config
Extracted
lokibot
https://dddotx.shop/Mine/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Pirkuma pasūtījums_(PO410533)_TOLMETS.exe
Size: 238KB
MD5: 3957d1329cf4a45e54c86b88c3527ee9
SHA1: 849e0bee18e2a7201ac9da6a2599b4cb3b59dae5
SHA256: d5174e488e96f653dab3685dba351bc77cd1e264f3dae443527d845e7e5a5b38
SHA512: f6819102d948575ec0d02c9041743c6ad5050efc3b111e0d59bd5af7b2f6a433744221123ee0915197020fc382236926b12dfbf161ef5faaad92fd509737ab62
SSDEEP: 3072:DVR1+c+l0b8rcf4LTlMxol5VCbDO7csj+b+rerEAmjc+D:xbxfXfQTKxu5oW7ve8cEAmg+
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext