General
- Target: remittance_file.pdf.zip
- Size: 531KB
- Sample: 250130-s62zaaxnbj
- MD5: c51934cbbe95835b7d8e320a6adc4425
- SHA1: 6456f5074b435679f3ccba8690ca7cd62996516c
- SHA256: 143a2326b275c13034fc38600d46d06dd840da5a988b35b0a86ff217eff81c40
- SHA512: fd90ee3671b5c94d92a48532f4a52f499d41490b192548d60e9d0db5fd2f960bac7e1d6829e75140e30573bbe1281cf6ee71f95e922b67e860128a09cd742d91
- SSDEEP: 12288:W3/guHcfwdmakeXH0xG63ZS1UrzVkPBQy/evS:FScfwd9XH053ZrrOPB2S
Static task
static1
Behavioral task
behavioral1
Sample: remittance file.exe
Resource: win7-20240903-en
Malware Config
Extracted
lokibot
http://royalsailtravel.ru/Sacc/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- Target: remittance file.exe
- Size: 954KB
- MD5: 7a5916bd5c71370cb9f5504bc9b0e522
- SHA1: 2a33e0b1ec3ccd6470942b12cd2090751fe1b0df
- SHA256: 8da520c11db02949950acfa98ff22e72eed80fa89957292dbf91b425bdd830f6
- SHA512: f0b080555a2fecb4fab08cddf25f7ab8a68dc7f67f468b58f301cd6ba7aab5edc14072d1006984c635e64967d21e09c45e34b7d3a7eed6c70d1085ea50243566
- SSDEEP: 24576:JAHnh+eWsN3skA4RV1Hom2KXFmIaA/3B4a5:Qh+ZkldoPK1XaA/xV
- Lokibot family
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext