General
-
Target
6191c8ee8401975ef8b7331ed7c4b6fbc3a02d6ac2a5567172b6f0ea62afa554.exe
-
Size
663KB
-
Sample
250207-rd1p3stlax
-
MD5
eba882e963d6f85b8440cad026b93996
-
SHA1
4f04e24147c3531d40da3c9e7b52b3f231f2c672
-
SHA256
6191c8ee8401975ef8b7331ed7c4b6fbc3a02d6ac2a5567172b6f0ea62afa554
-
SHA512
f1daa21a3b22affc3bcb64e587148f29b842f5271fd8af3306be4b331a6331baf2718a838349492cf781dc169fee39ff3ecc981dd5c04242c601a8248ca503be
-
SSDEEP
12288:dsHzOUNUSB/o5LsI1uwajJ5yvv1l2HBtoEtyXOnKviPa+Ag/m3gt:0iUmSB/o5d1ubcvsFty+nh/sgt
Malware Config
Extracted
lokibot
http://172.245.123.11/tpm/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6191c8ee8401975ef8b7331ed7c4b6fbc3a02d6ac2a5567172b6f0ea62afa554.exe
-
Size
663KB
-
MD5
eba882e963d6f85b8440cad026b93996
-
SHA1
4f04e24147c3531d40da3c9e7b52b3f231f2c672
-
SHA256
6191c8ee8401975ef8b7331ed7c4b6fbc3a02d6ac2a5567172b6f0ea62afa554
-
SHA512
f1daa21a3b22affc3bcb64e587148f29b842f5271fd8af3306be4b331a6331baf2718a838349492cf781dc169fee39ff3ecc981dd5c04242c601a8248ca503be
-
SSDEEP
12288:dsHzOUNUSB/o5LsI1uwajJ5yvv1l2HBtoEtyXOnKviPa+Ag/m3gt:0iUmSB/o5d1ubcvsFty+nh/sgt
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Drops startup file
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-