General
Target: Documents.exe
Size: 941KB
Sample: 250225-cwyk4sxjt8
MD5: 18cf4165482277c6f78b44447997521d
SHA1: 1f718632ac51d596d2157f86dbbda443827b8c21
SHA256: 1b9125795d199e6e6dd47bcb427d7582c2ef5959c5a939a6110a4fe73f32775e
SHA512: a2f989efaa472530c483c7425f6cdc2f2a1078dfd2fabaf0c7c2cf0f454f31729f4a2d7e79c48c4585a0ba91bf3c297fee632888993009553eb05fe70d3d9ae3
SSDEEP: 24576:Ru6J33O0c+JY5UZ+XC0kGso6FaHAKMoMWY:Du0c++OCvkGs9FaHADWY
Static task: static1
Behavioral task: behavioral1
Sample: Documents.exe
Resource: win7-20240903-en
Malware Config
Extracted
lokibot
http://94.156.177.41/sss3/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Documents.exe
Lokibot family
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext