General
-
Target
e3e5da5bcf5aaf6e54271bef8c39b726.exe
-
Size
100KB
-
Sample
200731-hq682er766
-
MD5
e3e5da5bcf5aaf6e54271bef8c39b726
-
SHA1
82137e8ed973f838e992c09cde4554900c93973b
-
SHA256
15e84355978fd585af794a5aa1b61144a9197d1410219a4e129aca0ce953904d
-
SHA512
119fb0ba6b68a3e6e3e54b8aadfc5f73c53c4b4e15cc4f97320cf37dd24002159a7df8591e16544662f0bfa79045ef8126799ac566c09c2d2035a267eca1f149
Malware Config
Extracted
lokibot
http://104.223.143.234/coconut/Panel/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e3e5da5bcf5aaf6e54271bef8c39b726.exe
-
Size
100KB
-
MD5
e3e5da5bcf5aaf6e54271bef8c39b726
-
SHA1
82137e8ed973f838e992c09cde4554900c93973b
-
SHA256
15e84355978fd585af794a5aa1b61144a9197d1410219a4e129aca0ce953904d
-
SHA512
119fb0ba6b68a3e6e3e54b8aadfc5f73c53c4b4e15cc4f97320cf37dd24002159a7df8591e16544662f0bfa79045ef8126799ac566c09c2d2035a267eca1f149
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-