General
-
Target
28cf97f72cdba738fe94806e047be6ed4b261c1ef1eceec6f4f30a511d914aa7.exe
-
Size
543KB
-
Sample
240618-tbcatavakr
-
MD5
99847fa8352b1477dbf752ee33ecea14
-
SHA1
23a857a56d8cad76a3be365e144f179cfc6088ed
-
SHA256
28cf97f72cdba738fe94806e047be6ed4b261c1ef1eceec6f4f30a511d914aa7
-
SHA512
6f0cb7396b0850bb3e5b8289351d29050e4d925fea61a3824c9285a21da0933cfa737ea049fa9da50e479a41f42f3980da6cab35f0bc3ff10f0c8084f1af47e2
-
SSDEEP
12288:6o2iNvFIsPALRUdoBc7sUSky/aI3lQ3fE7W2+n+yMyYrIJw8C:t1DIK8UdOcBSkgaIO6CMyYE/C
Malware Config
Extracted
lokibot
http://104.248.205.66/index.php/935156794695
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
28cf97f72cdba738fe94806e047be6ed4b261c1ef1eceec6f4f30a511d914aa7.exe
-
Size
543KB
-
MD5
99847fa8352b1477dbf752ee33ecea14
-
SHA1
23a857a56d8cad76a3be365e144f179cfc6088ed
-
SHA256
28cf97f72cdba738fe94806e047be6ed4b261c1ef1eceec6f4f30a511d914aa7
-
SHA512
6f0cb7396b0850bb3e5b8289351d29050e4d925fea61a3824c9285a21da0933cfa737ea049fa9da50e479a41f42f3980da6cab35f0bc3ff10f0c8084f1af47e2
-
SSDEEP
12288:6o2iNvFIsPALRUdoBc7sUSky/aI3lQ3fE7W2+n+yMyYrIJw8C:t1DIK8UdOcBSkgaIO6CMyYE/C
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-