General
-
Target
Order84746.exe
-
Size
520KB
-
Sample
241129-hcw6tswner
-
MD5
6e891f3adbfd415fae70ff8376014769
-
SHA1
9dd2239eba106fe8b3b97992064d07c532a0c9ee
-
SHA256
a2504b173353b434fe409705dbc066fb36c9a74d45a36d89ee421a1da3b4461b
-
SHA512
c125badd57a5acc02bb10091ac1fa4e6881ab9bca4df4f01f7dd61f4ac92795edacac8a0117603d4ec69a684e6752ab25d734c14a149f720314da1c33df35806
-
SSDEEP
12288:EOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPizdEsy9jgO1d5v5/BsuogV+a:Eq5TfcdHj4fmbGVWgO75B/h+a
Malware Config
Extracted
lokibot
http://94.156.177.41/davinci/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Order84746.exe
-
Size
520KB
-
MD5
6e891f3adbfd415fae70ff8376014769
-
SHA1
9dd2239eba106fe8b3b97992064d07c532a0c9ee
-
SHA256
a2504b173353b434fe409705dbc066fb36c9a74d45a36d89ee421a1da3b4461b
-
SHA512
c125badd57a5acc02bb10091ac1fa4e6881ab9bca4df4f01f7dd61f4ac92795edacac8a0117603d4ec69a684e6752ab25d734c14a149f720314da1c33df35806
-
SSDEEP
12288:EOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPizdEsy9jgO1d5v5/BsuogV+a:Eq5TfcdHj4fmbGVWgO75B/h+a
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-