General
-
Target
dba78658d8804475664aec717b2c0c64c7ff26079f63c3e3b84b2f1ed786abd2
-
Size
169KB
-
Sample
241031-paqdtswncz
-
MD5
eef6379e0ffd78b50db1d8b17bd2c7f4
-
SHA1
f8ad1ece7e591a4202035018b02273fc1a29506b
-
SHA256
dba78658d8804475664aec717b2c0c64c7ff26079f63c3e3b84b2f1ed786abd2
-
SHA512
65c038cd71184018e464edfed7862ad371131aecd79bb451c8f2dfce8b5b456e7b555547d131712a9141275c711fd73cb455abe502774e662406354a8e3a1cb9
-
SSDEEP
3072:Mh5BaWpLJAZgcODr9qFsOguFNMP/zTnGLw9IQuikIGXW3btXcvSJs/oId:MnV7vcOv9VOguFoLTGcs03biSJsd
Malware Config
Extracted
lokibot
https://rottot.shop/Mx2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Objednávka_(P.O304621)_A-RESS Group S.R.O.exe
-
Size
248KB
-
MD5
65c61495f06833712c96643031dd584d
-
SHA1
52525341aab927f3d4970fbdcdc485589e6d93ac
-
SHA256
f8cf37bf2574eb73e4b6f2cad642ffe7ea5d5994bf39bd0a609d38c606774e68
-
SHA512
d8a9db24496b03fe07320eee1fedfc6e995ecbaf966c0e02d6c709eab2595ea0709d819996352acaa02b6d9afcf5f812c146ab7ffb79e47904c812907584f204
-
SSDEEP
6144:hh5RgOg+U5wU0QkQJj/tTWGYIlbySJ8Tn:hvRgT0Mj/tiGrJ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-