General
-
Target
FGD0987678000.cmd.exe
-
Size
461KB
-
Sample
241120-f9f5rssjf1
-
MD5
5c0ef516f2e1cecf656358b495e0d05f
-
SHA1
ef655931d08bd2a9839d6bcc4cab23499b8ac013
-
SHA256
234c88ce76cde3cb4510ae1532863bb3c29efa0e94889d5dd30818f084c3b958
-
SHA512
6fbac4bc8ee8b872860478b1eae3e86cd9149b8b13592349e7a9ab4118b9063b5c89987de9cd0a59ccf8f3be690521faa0abf71d97cc1ca8e8933b2e110667ab
-
SSDEEP
12288:NJOr0Yb59iAIYhQZSjNx+bZzT4yoQ8BTjIzW62JVbY:Ng7jC2nZtpbY
Malware Config
Extracted
lokibot
http://87.120.113.235/18/pin.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
FGD0987678000.cmd.exe
-
Size
461KB
-
MD5
5c0ef516f2e1cecf656358b495e0d05f
-
SHA1
ef655931d08bd2a9839d6bcc4cab23499b8ac013
-
SHA256
234c88ce76cde3cb4510ae1532863bb3c29efa0e94889d5dd30818f084c3b958
-
SHA512
6fbac4bc8ee8b872860478b1eae3e86cd9149b8b13592349e7a9ab4118b9063b5c89987de9cd0a59ccf8f3be690521faa0abf71d97cc1ca8e8933b2e110667ab
-
SSDEEP
12288:NJOr0Yb59iAIYhQZSjNx+bZzT4yoQ8BTjIzW62JVbY:Ng7jC2nZtpbY
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-