General
-
Target
ab9b13bfe075715637b77b9ec4c70481.bin
-
Size
309KB
-
Sample
240616-cgnscsyfjm
-
MD5
ab9b13bfe075715637b77b9ec4c70481
-
SHA1
2573e9f9ea0b537f3108a4f9b1c8e101058cc405
-
SHA256
4cbfae2977edd83d004db156859d15036289ea2dfbfeaef5aac8b5ea030a8d01
-
SHA512
03bc1caaa8920fa7903ce6e30ad381481690b66242aabcbae2a2cf265c89b2d85318033a4d0bfab6020911a2acad33bf34b71cbc8afea6f0d1a325cd148e8d45
-
SSDEEP
6144:wX649Vl1jeHZyL4b8yvuDbL7DXdN8wBYm7OCBy9Z/fLbDDff/TG:wXdPDGmDbPDXdNSKOCK3LnD3L
Malware Config
Extracted
lokibot
https://basitchemcials.com/wp-content/uploads/09/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ab9b13bfe075715637b77b9ec4c70481.bin
-
Size
309KB
-
MD5
ab9b13bfe075715637b77b9ec4c70481
-
SHA1
2573e9f9ea0b537f3108a4f9b1c8e101058cc405
-
SHA256
4cbfae2977edd83d004db156859d15036289ea2dfbfeaef5aac8b5ea030a8d01
-
SHA512
03bc1caaa8920fa7903ce6e30ad381481690b66242aabcbae2a2cf265c89b2d85318033a4d0bfab6020911a2acad33bf34b71cbc8afea6f0d1a325cd148e8d45
-
SSDEEP
6144:wX649Vl1jeHZyL4b8yvuDbL7DXdN8wBYm7OCBy9Z/fLbDDff/TG:wXdPDGmDbPDXdNSKOCK3LnD3L
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-