General
Target: 18022025_1650_17022025_doc_017025_pdf.gz
Size: 516KB
Sample: 250218-vcaztatphm
MD5: 12ba2c111969ddeddf3ad7d8b64df481
SHA1: 24f9c92cb22fd66e802b33c4410f9c890137322c
SHA256: d10f25e6794205258929fcf5e7ecd706a62493d58d2a5d21ecff0c420103597a
SHA512: c388b68f190fd3e7bd652095f395aa5b4af63f0e43ac937db07c0bd2a0e965c9af0985f8fd39138633325d18330ce0721f1d0faf587a881f8f63a433c86dd6ba
SSDEEP: 12288:wKcfrfzL1mZhjmP4Li33ai/XMj3bChdiXjKQX:/cfrl8owLi3KiGm70jJX
Static task: static1
Behavioral task: behavioral1
Sample: doc_017025_pdf.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: doc_017025_pdf.exe
Resource: win10v2004-20250217-en
Malware Config
Extracted
lokibot
Targets
Target: doc_017025_pdf.exe
Size: 934KB
MD5: 62abc4447d8b6877cab7a721e0331450
SHA1: 0fb7673b2437afa906299a676caf4c2a177c4b89
SHA256: e0c5db8ba3b32956b954091828136618e0130b148675dbb153c0b77b77e2d1d4
SHA512: 44ca11519e0c58d7000bbb081101094177812516a467b12268b1be7ae8a8e04dd284abee3464b2524c7ecb229aeb80096f8d7f367102f4b1fac1823221c3cb4a
SSDEEP: 24576:uu6J33O0c+JY5UZ+XC0kGso6Far3Vx3WY:gu0c++OCvkGs9FarFkY
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext