General
-
Target
e736208fb40bc88acaf48a2389a8bc012825aea4e81ed72e16c63b41abf718c6
-
Size
465KB
-
Sample
241121-ylpfcazpbq
-
MD5
ed48bcd0f430dcfe5636b2a0f16363bd
-
SHA1
ebad17a3b06265bac4cf700da1deaa79d4a345a3
-
SHA256
e736208fb40bc88acaf48a2389a8bc012825aea4e81ed72e16c63b41abf718c6
-
SHA512
e847db6f7447bd7e14965ec1393c11571a9261f1d28632cfef451879f5ddd2b1ff41552b186ce769f7f30de5b98de3002031a2b2c3182ba159d8dae161951157
-
SSDEEP
12288:kPjaJNaV1cWGGevIE747Yun59i/OZMFno8+y2a0ash6N1D:yGlvVkpHmoxRDafN1D
Malware Config
Extracted
lokibot
http://198.187.30.47/p.php?id=10316882234268616
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e736208fb40bc88acaf48a2389a8bc012825aea4e81ed72e16c63b41abf718c6
-
Size
465KB
-
MD5
ed48bcd0f430dcfe5636b2a0f16363bd
-
SHA1
ebad17a3b06265bac4cf700da1deaa79d4a345a3
-
SHA256
e736208fb40bc88acaf48a2389a8bc012825aea4e81ed72e16c63b41abf718c6
-
SHA512
e847db6f7447bd7e14965ec1393c11571a9261f1d28632cfef451879f5ddd2b1ff41552b186ce769f7f30de5b98de3002031a2b2c3182ba159d8dae161951157
-
SSDEEP
12288:kPjaJNaV1cWGGevIE747Yun59i/OZMFno8+y2a0ash6N1D:yGlvVkpHmoxRDafN1D
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-