General
-
Target
??.exe
-
Size
232KB
-
Sample
220114-j9nrdsfbe3
-
MD5
e9b74bfb67bf3dcef39e23674d4dd63f
-
SHA1
6fc16b7fe6e2d6567bfd2cf68b407fc7f5097a93
-
SHA256
aeff0c4823c37fc2054f80c6bf7dafcf7fce8abb84d7b72a08fa67411d2aa480
-
SHA512
ae2386500840fbed380f46fafc1e3326f12ce87436be22ace0e536d6d9c83f4d77e27793c2d4fe30e607850b37c2eecb4ab35c8630fff2f8a5534d21349efb27
Malware Config
Extracted
lokibot
http://slimpackage.com/slimmain/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
??.exe
-
Size
232KB
-
MD5
e9b74bfb67bf3dcef39e23674d4dd63f
-
SHA1
6fc16b7fe6e2d6567bfd2cf68b407fc7f5097a93
-
SHA256
aeff0c4823c37fc2054f80c6bf7dafcf7fce8abb84d7b72a08fa67411d2aa480
-
SHA512
ae2386500840fbed380f46fafc1e3326f12ce87436be22ace0e536d6d9c83f4d77e27793c2d4fe30e607850b37c2eecb4ab35c8630fff2f8a5534d21349efb27
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-