ThreatFox IOC Database

You are viewing the ThreatFox database entry for url http://74f26d34ffff049368a6cff8812f86ee.ga/BN22/fre.php.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:190547
IOC: http://74f26d34ffff049368a6cff8812f86ee.ga/BN22/fre.php
IOC Type :url
Threat Type :botnet_cc
Malware: Loki Password Stealer (PWS)
Malware alias:Burkina, Loki, LokiBot, LokiPWS
Confidence Level : Confidence level is high (100%)
First seen:2021-08-16 23:18:44 UTC
Last seen:never
UUID:4d0a45b1-fee8-11eb-830d-42010aa4000a
Reporter AndreGironda
Reward 5 credits from ThreatFox
Tags:Loki LokiBot
Reference: https://tria.ge/210816-zbn2h59y3j/behavioral1

Avatar
AndreGironda
MITRE T1566.001
Date: Mon, 16 Aug 2021 23:22:07 +0100
Subject: Swift Copy for Advance Payment
From: aigerim.zhaxybekova@bsm.kz
Message-ID: <1ca7472414fc5b7257b7568a91b5224d@bsm.kz>
Sender IP: 185.22.64.95
Attachment Name: Bank Swift.xlsx
Attachment SHA256: a0846459f175f0d4b614759bf41caa01bcecbbf51a54b1278da7dc64ba884e29
http://198.12.91[.]144/rpm/vbc.exe b372ba907ad4c120ac6ddd86e8de1821d19dffef023bd32c18359bcf82326842
https://www.unpac.me/results/8e9aae56-5305-4546-8656-e7dd90210b11
Unpacked SHA256: 3d333a2fba13501aec4505ae3a58c7bc85f3cf57c2f8402b704f79121651564c

Malware Samples

The table below documents recent malware samples observed that are associated with this indicator of compromise (IOC).

Time stamp (UTC)SHA256 hashBazaar
2021-08-23 07:05:40 672bfd2ee1ff418a1d0a969c4a8e548a359a389f31c12a720feb7b821975f8a5