General
-
Target
gunzipped
-
Size
205KB
-
Sample
200630-zgdhsyzqva
-
MD5
63e6327e7fc65e4fdb8836589881d7e8
-
SHA1
bd16c795a6e876363c90ffa7908606ed4605221b
-
SHA256
82ad3e5d52c6b6b26f56ff7863ed572ffb09de0701635dabce5923768453438b
-
SHA512
f241c0bd1224577faf8da1523d4b35245185695a0fa3c6462aadd38684726769ef5b61526196b7f417b1686bbbea79b3b1803f3964cd5c1af4034793127c6440
Malware Config
Extracted
lokibot
mci-consultant.id/e/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
gunzipped
-
Size
205KB
-
MD5
63e6327e7fc65e4fdb8836589881d7e8
-
SHA1
bd16c795a6e876363c90ffa7908606ed4605221b
-
SHA256
82ad3e5d52c6b6b26f56ff7863ed572ffb09de0701635dabce5923768453438b
-
SHA512
f241c0bd1224577faf8da1523d4b35245185695a0fa3c6462aadd38684726769ef5b61526196b7f417b1686bbbea79b3b1803f3964cd5c1af4034793127c6440
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-