myehterwallet.top Loki bot (Hosted in China Hangzhou Alibaba.com Llc)

Encrypted configuration : hxxp://myehterwallet.top/UJZfOVD59Rue1AtQ/conf.php

Panel Login : hxxp://myehterwallet.top/UJZfOVD59Rue1AtQ/login.php

Behavior : Steals data from browsers (Chrome, Firefox, Internet Explorer/Edge), from applications such as WinSCP and Pidgin, and from Microsoft Outlook via the registry.

Sample : hxxp://45.141.86.139/update/updatewallet.exe

 

Hosting Info :

hxxp://whois.domaintools.com/47.254.174.146

 
