General
-
Target
f7c2cb7269b134b5847131de7c05c990796c95619b84e2b95b53c0d0f266cee7
-
Size
631KB
-
Sample
250118-qemzyatpds
-
MD5
61ca229897dfefa1094d9edd5c4349ce
-
SHA1
28e12854d074686a841c93e0a85b229276bbe8b2
-
SHA256
f7c2cb7269b134b5847131de7c05c990796c95619b84e2b95b53c0d0f266cee7
-
SHA512
d16451572707a71e8a4437ad2f2243d54699d6c9b78a14d682c576067ee8894c979445b29b14c8f02aadd98122112ee7dd896cde85db3262caf96a43c4573af3
-
SSDEEP
12288:R82WXV7OVOyCrz3ozlo23wBewo4kI9u51up6lAbnK:6OVOyYyojeFzIs51up6l
Malware Config
Extracted
lokibot
http://94.156.177.41/zang/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f7c2cb7269b134b5847131de7c05c990796c95619b84e2b95b53c0d0f266cee7
-
Size
631KB
-
MD5
61ca229897dfefa1094d9edd5c4349ce
-
SHA1
28e12854d074686a841c93e0a85b229276bbe8b2
-
SHA256
f7c2cb7269b134b5847131de7c05c990796c95619b84e2b95b53c0d0f266cee7
-
SHA512
d16451572707a71e8a4437ad2f2243d54699d6c9b78a14d682c576067ee8894c979445b29b14c8f02aadd98122112ee7dd896cde85db3262caf96a43c4573af3
-
SSDEEP
12288:R82WXV7OVOyCrz3ozlo23wBewo4kI9u51up6lAbnK:6OVOyYyojeFzIs51up6l
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-