General
Target: 6a07483e158fc98f6fbb48378a59d6352b418a5660c797d291a4ab8bc20fae66
Size: 504KB
Sample: 250224-gd1d7s1nbj
MD5: 8754e8146469105c164572b23501f54f
SHA1: 4d2cbf4bea712b637db69a9c793e0a0d652809b2
SHA256: 6a07483e158fc98f6fbb48378a59d6352b418a5660c797d291a4ab8bc20fae66
SHA512: d906c65cafd742b06f6caeba68907362796bb0d8a09c8aed811f720a063a12fcc05f9a12e651e5274a1c3e39ba7e04b1b0190030c2688c3b85daa4de54aa704f
SSDEEP: 6144:/ObZ5laps5pXLtfOlAvD9P85mA089A2xXhI5+MtGYBF05x1QXzWV9SwCsW4RPeyk:/IrlgsvRfZZk7A2xxMCxSjI4Z4teYJs
Static task: static1
Behavioral task: behavioral1
Sample: Bank Slip_pdf.exe
Resource: win7-20250207-en
Malware Config
Extracted
lokibot
http://94.156.177.41/sss1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Bank Slip_pdf.exe
Size: 932KB
MD5: f0f08d78a83a15b9aaf07ae320fd1737
SHA1: ff9c8bbd595991ee633ec43c79a52e5b3ee4ed45
SHA256: dfc9bad6efe2b1ff8eb0b0757672044a9a0054161fce034e9ed296cd3fafddc2
SHA512: 8f76c2427dabd03523914c05c3f93acc9b17ee89cf9f5a7ba524d667f1e74374fb5c53781fd7ea90f4baa1886ca021f195d3f4e2e13b7617fd23ed82f528ae30
SSDEEP: 12288:nu6JWgXT7rKfXNeKgOIc0nAWY/ySWHDVz/Vovh7V1C0NnCGso9fgBDYgaOT7SWWh:nu6J33O0c+JY5UZ+XC0kGso6Fa27SWY
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext