General
-
Target
2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619.exe
-
Size
104KB
-
Sample
250223-cn36mawnv7
-
MD5
35eb283a5c0de6121bff7240d4b18b1f
-
SHA1
9e52d60910a938cadbedf32601fe135392e7213f
-
SHA256
2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619
-
SHA512
0041c14a22b38c8a43e4d6886ca7b65b691b16ca198a311762b2ae740dcb32fbea2cc5dcbd6cc0c3228d1a59fef181bab68349e3269a41331f69a8acb17d212f
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Malware Config
Extracted
lokibot
http://sebel.sbs/Devil/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619.exe
-
Size
104KB
-
MD5
35eb283a5c0de6121bff7240d4b18b1f
-
SHA1
9e52d60910a938cadbedf32601fe135392e7213f
-
SHA256
2f048f2a0606486cabeeaf6950807615b77d2897c02791f2e76bc0d63e31a619
-
SHA512
0041c14a22b38c8a43e4d6886ca7b65b691b16ca198a311762b2ae740dcb32fbea2cc5dcbd6cc0c3228d1a59fef181bab68349e3269a41331f69a8acb17d212f
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-