General
Target: 30102024_1606_29102024_Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.zip
Size: 161KB
Sample: 241030-tj6vdsxamh
MD5: c5c1e257ca666997e35836ba9bf1de9a
SHA1: 39867cd11fbdb879b71204f742bb58ef225523cc
SHA256: e457de9462abafce0b634ad36de5aabca3721b6277528056b1f69cdce22c03ef
SHA512: 0eace082b147f7887f60b6ea452dce1b2582ca5a308eec9f5dbcc2b1361e8a7ecc26549093aee5becdd1c049624f1c5d11bd8e9e18b29e3aa7da3d2fd19ffb40
SSDEEP: 3072:uCMR3YgCy1iQN8OpIYl2D0YbVvSnDumKnL2XoU+ZUwvheyC/kZ:uCYL5iYo/VUKL9U+ZtheoZ
Static task: static1
Behavioral task: behavioral1
Sample: Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.exe
Resource: win7-20240903-en
Malware Config
Extracted
lokibot
https://rottot.shop/Mx2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Satınalma Siparişi_(PO40947)_EMS Endüstriyel Servis.exe
Size: 216KB
MD5: 6cf2efa7f0e3c172cb5be4c7f065fe5d
SHA1: 20166a74da7adf203a996d814ebc94947c6c26fd
SHA256: 8b5e4c846dc98bdea2524651cf2895630c27bab15f5b27d60a9fd732b1c6ba3f
SHA512: ddce7ff8e61430fd4755afbec20793d949a28e455a2c813697bdfc307667a0c695e181dcf6663066eb228e52c96f9571ec7b319629e0f945dcbc58e3f7d71181
SSDEEP: 6144:w119IHMcJVuYhxAYWDVeKf9UsZtheI5m:wjUZhRWcKhhh
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext