General
-
Target
27308b7311a38e46f5885bcae1aa1d9397157aa065ee923bc29da21600307b8b
-
Size
631KB
-
Sample
241028-zxvxyavpcp
-
MD5
03441232cf9244ad2b14e8072edae805
-
SHA1
7fc900d8363627d3133c41cd904b1859b2fe6a54
-
SHA256
27308b7311a38e46f5885bcae1aa1d9397157aa065ee923bc29da21600307b8b
-
SHA512
0a390342926c7af5fe415019ba721e19b3c2ba8105975d4a97f58a489bbe0c3d6fda5128a73b52b13ee7c0c310e042db7c60e00af08b4fcab52660f3d7a5a4b8
-
SSDEEP
12288:01tYq7J3At5iHOq+ZQ/uqqtC6TmxB7BPqhmDhmng50me:0zYqtm8OqKmubufg20ngp
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=61353
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
27308b7311a38e46f5885bcae1aa1d9397157aa065ee923bc29da21600307b8b
-
Size
631KB
-
MD5
03441232cf9244ad2b14e8072edae805
-
SHA1
7fc900d8363627d3133c41cd904b1859b2fe6a54
-
SHA256
27308b7311a38e46f5885bcae1aa1d9397157aa065ee923bc29da21600307b8b
-
SHA512
0a390342926c7af5fe415019ba721e19b3c2ba8105975d4a97f58a489bbe0c3d6fda5128a73b52b13ee7c0c310e042db7c60e00af08b4fcab52660f3d7a5a4b8
-
SSDEEP
12288:01tYq7J3At5iHOq+ZQ/uqqtC6TmxB7BPqhmDhmng50me:0zYqtm8OqKmubufg20ngp
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-