General
-
Target
42fd39845e237d18cbcfd4229b2aafcb63e17778f8d555c97aa667c5fcfbfcc4
-
Size
840KB
-
Sample
241121-yp26lszqfn
-
MD5
d8ceac461518d61f76bbd2f8d0821c03
-
SHA1
ed4b97b42a4e4dc06a5c9e660adb710e6d59be67
-
SHA256
42fd39845e237d18cbcfd4229b2aafcb63e17778f8d555c97aa667c5fcfbfcc4
-
SHA512
c1d376cdeb975d8bad82e215891437854250fb9b6c581ba18b994cb598d6351d8b1fac1a38ea3db194926103062129f317e91e26b1ee82d1e2878b66c6938932
-
SSDEEP
24576:4+Mu1DHDE6LrWEynExkc+uBqPvmKB402NYBa6POw9Y:4+31k6rIIHJUHB7oka6G2Y
Malware Config
Extracted
lokibot
http://sempersim.su/gh20/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
42fd39845e237d18cbcfd4229b2aafcb63e17778f8d555c97aa667c5fcfbfcc4
-
Size
840KB
-
MD5
d8ceac461518d61f76bbd2f8d0821c03
-
SHA1
ed4b97b42a4e4dc06a5c9e660adb710e6d59be67
-
SHA256
42fd39845e237d18cbcfd4229b2aafcb63e17778f8d555c97aa667c5fcfbfcc4
-
SHA512
c1d376cdeb975d8bad82e215891437854250fb9b6c581ba18b994cb598d6351d8b1fac1a38ea3db194926103062129f317e91e26b1ee82d1e2878b66c6938932
-
SSDEEP
24576:4+Mu1DHDE6LrWEynExkc+uBqPvmKB402NYBa6POw9Y:4+31k6rIIHJUHB7oka6G2Y
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-