General
-
Target
5af27ed278e5ce156f4f6d305b260bdfcfe1d5702e81fe236312af12eb47a738.exe
-
Size
960KB
-
Sample
250205-ebwbcsxqgv
-
MD5
3f9bb2bb89a2341a849f06b15c988664
-
SHA1
f8157d3b1cee8eac7345c2ba9f2ff35e07e06720
-
SHA256
5af27ed278e5ce156f4f6d305b260bdfcfe1d5702e81fe236312af12eb47a738
-
SHA512
79d9ca3ed90f18c7a480c8553971d6685af6c87be842773222ef5211345fb9b4069ec8d45871aac53274013c9b096bdb39910c953be035e71788076a0309ba82
-
SSDEEP
24576:CAHnh+eWsN3skA4RV1Hom2KXFmIa6c6VOsLCI5:Fh+ZkldoPK1Xa6Jn
Static task
static1
Behavioral task
behavioral1
Sample
5af27ed278e5ce156f4f6d305b260bdfcfe1d5702e81fe236312af12eb47a738.exe
Resource
win7-20240903-en
Malware Config
Extracted
lokibot
http://touxzw.ir/sccc/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-