General
-
Target
RFQ_PDF.arj
-
Size
533KB
-
Sample
240617-krnt4sxcmp
-
MD5
3712b26d19bc6b737fe4efdbbba161d3
-
SHA1
8fc551b37f5378a425f0247f41d48584a72b1246
-
SHA256
5f8d5465ca543c43e092633df12e87a4c64e1bbe46383696e57363665513e35f
-
SHA512
3f165561d62fc2b4670eb9fa725c6a68f80da81e4bfe3ce2551c68242d8716be16f24ca4592768d42b546f59d76432a4c60730324ea5fcb5d5a0f8605d0f0f13
-
SSDEEP
12288:VHE4Ag5BXcj6jXEjwVj9KNzIwB32SVo43Pp7al2kC:Vk4Ag5BXcj6ojZNQSVo43PdpV
Malware Config
Extracted
lokibot
https://edgewell.cam/DV2/PWS/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RFQ_PDF.exe
-
Size
961KB
-
MD5
0a992633e64cdfb5cf4d7e8991ab6a6e
-
SHA1
2799fc17e93b9b386cf47d4968c7e9a0b95c226d
-
SHA256
5909649b24c15202df7a9f3f9896396d31d449f8b7e736c076ad771d03267f5b
-
SHA512
19a1858f99e98f050beb686039f6f0acaef206739376c8d2bd006c6c571f3fcbd00cfd1c84e70deabb92802dfde59dc9abcbf955db3d16269fa0114298877992
-
SSDEEP
12288:ptb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga2TAo4fPB7aLqPT6A:ptb20pkaCqT5TBWgNQ7aOAo4fP1DT6A
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-