General
-
Target
6cfb8d2601aba6dd28e67a185f7ab647a933d86a129b4e4ea79772164cedeb01.exe
-
Size
957KB
-
Sample
250131-envwcsxrhy
-
MD5
a7c7cda46223cb2a271544ae41014c77
-
SHA1
b366a58f034de528c0569aa7ae35f53577c1c212
-
SHA256
6cfb8d2601aba6dd28e67a185f7ab647a933d86a129b4e4ea79772164cedeb01
-
SHA512
7647617fb203fe22e7944cfa5d0aa7aa85fa42abffe0618b31731219cf87a1d7729f30c084750b5a08ae9656d49cc29dab34cd91fc5c81d5c131e1c2457d1ac6
-
SSDEEP
24576:qAHnh+eWsN3skA4RV1Hom2KXFmIaDnona/J9G/8LP5:9h+ZkldoPK1XaDr3y8F
Malware Config
Extracted
lokibot
http://touxzw.ir/sccc/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6cfb8d2601aba6dd28e67a185f7ab647a933d86a129b4e4ea79772164cedeb01.exe
-
Size
957KB
-
MD5
a7c7cda46223cb2a271544ae41014c77
-
SHA1
b366a58f034de528c0569aa7ae35f53577c1c212
-
SHA256
6cfb8d2601aba6dd28e67a185f7ab647a933d86a129b4e4ea79772164cedeb01
-
SHA512
7647617fb203fe22e7944cfa5d0aa7aa85fa42abffe0618b31731219cf87a1d7729f30c084750b5a08ae9656d49cc29dab34cd91fc5c81d5c131e1c2457d1ac6
-
SSDEEP
24576:qAHnh+eWsN3skA4RV1Hom2KXFmIaDnona/J9G/8LP5:9h+ZkldoPK1XaDr3y8F
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-