General
Target
Pastjums_P.O40562_SIA_BLIK-M_Doc.zip
Size
169KB
Sample
241031-pnf3bawqev
MD5
d449ba26eb15c71f6591bc2163dbff73
SHA1
2c04b65b3b5096c4cde0e7c1535e2359e5c5673e
SHA256
5095515c5cf5cf9508422ab85334e3c8ba5ec5130f9fb70e5bed2c1d07188b05
SHA512
10144dcb6cdaf7b074a18ea05fd817e074fe73e8994faac1a932e15eea0cb8cc4d3fc20f4edd92fde8f698f43ca2e247b5456b53e379ea528ece0a455531fd28
SSDEEP
3072:iLku3X5qjluUsM+cYbsRQf/ezTrGrw9IQSikIQXW7btXwvSJsRotUi:5gpIuUsMubsRQfsTC8Q27bWSJHUi
Static task
static1
Behavioral task
behavioral1
Sample
Pasūtījums_(P.O40562)_ SIA_BLIK-M_Doc.exe
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
https://rottot.shop/Mx2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
Pasūtījums_(P.O40562)_ SIA_BLIK-M_Doc.exe
Size
248KB
MD5
65c61495f06833712c96643031dd584d
SHA1
52525341aab927f3d4970fbdcdc485589e6d93ac
SHA256
f8cf37bf2574eb73e4b6f2cad642ffe7ea5d5994bf39bd0a609d38c606774e68
SHA512
d8a9db24496b03fe07320eee1fedfc6e995ecbaf966c0e02d6c709eab2595ea0709d819996352acaa02b6d9afcf5f812c146ab7ffb79e47904c812907584f204
SSDEEP
6144:hh5RgOg+U5wU0QkQJj/tTWGYIlbySJ8Tn:hvRgT0Mj/tiGrJ
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext