General
-
Target
978fb60348a3c68aa7c7e7f31f53dceb7ca1bb56909877acb50d6e02ff8d0e5f
-
Size
362KB
-
Sample
220521-n113ksedg3
-
MD5
57bc02abf45ceccff2f8847dbb81843a
-
SHA1
2bf15dbb65a5cbe2d0cd60acadc91f32c5a87c96
-
SHA256
978fb60348a3c68aa7c7e7f31f53dceb7ca1bb56909877acb50d6e02ff8d0e5f
-
SHA512
689d7c3ccd1242615e5570fa652bc41c767d9624083480db6823d671c4f99163d4cc51d470e997c6784b29dd5042c018f44de6f5b3df73ac71de75de05144542
Malware Config
Targets
-
-
Target
Debit note May-20_pdf.exe
-
Size
616KB
-
MD5
c0a2d0e5fbc2c4cca88b1e22f1b91539
-
SHA1
f5f772becbb8ee868b8e00f04459349a741723ac
-
SHA256
f02f1aa81359a40dc5654db55fe211c8dff8c88a790d10089fcbca1840a84c3a
-
SHA512
c8abb7a1f6144fecf12daa9a957197db9a60e87453fa367c0e781465c4a4d9d73866765a64b6a154bd7ce1a0cc6d44dbe2296175842f4638b1597cd7a975974a
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-