General
-
Target
17dd626669b3f7482f75c1beb9dbd13c398180240cdbf91c37a32ef5ba8a40f4
-
Size
390KB
-
Sample
220521-w7kceaedbl
-
MD5
64aeedb1e40a3e040ac7cbacc7584f37
-
SHA1
f34d6da1163c0f5079487dac7adab56a35d0f563
-
SHA256
17dd626669b3f7482f75c1beb9dbd13c398180240cdbf91c37a32ef5ba8a40f4
-
SHA512
55c2c57c1b9f2c768271feb9e7e126029dfee7628a6c48eb8c2e2bcd504c819e0256dc967707784258247f80b798d9c951da9cd555b27de7f94f1b238dfa8b3e
Malware Config
Targets
-
-
Target
debb.exe
-
Size
408KB
-
MD5
73b1fecfd38a17ad5e7ea69223327976
-
SHA1
baf594e729bcedc6685daac477986bb8aeebbbfc
-
SHA256
5b2989ef162f3637ce93f1aa6b8a0efaf712078d1217aed9150b8c7dc55f0275
-
SHA512
7c72932249105743c92d5a663156c42aca72a13f42a7ae9d4dc08e55500af484c892e21756b8064325119b3a94406734954b7ef3731b5b7d6c78135b36f7df9d
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-