General
Target: specs_916351_xlsx.exe
Size: 951KB
Sample: 250205-l9q8masjdt
MD5: 53fbb9686a33be35f7b2f9da2169988f
SHA1: ca5acfe1bc08aa016a6783ce13349c8e6c434137
SHA256: 392a7193b12c6795fb239cff20c5310e1b3b4a3a24538b17d94870a97441cfe8
SHA512: 99b1761fc795270935650cc89dda87f91d46e520b298e2bb85697b93b962c417d6bec4c6b8b0e1d7c8bf7e9ff2fcc00de362d43ffe4ca8b33730a865310e253e
SSDEEP: 24576:TAHnh+eWsN3skA4RV1Hom2KXFmIaefQbF3I5:eh+ZkldoPK1XaefQA
Static task: static1
Behavioral task: behavioral1
Sample: specs_916351_xlsx.exe
Resource: win7-20240708-en
Malware Config
Extracted
lokibot
http://touxzw.ir/sccc/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
specs_916351_xlsx.exe
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext