General
-
Target
Attached_Scanned_Copy_pdf.exe
-
Size
498KB
-
Sample
221217-z5k3pshf67
-
MD5
90360c96ca2b1a1854cb6e26ccead420
-
SHA1
4541799eb3a55bd41b77235309edee4cc1f8fb17
-
SHA256
a9036bf043f2e34c9acaac95ac56a8721e19ee193cc125687f0bc269dc34ea77
-
SHA512
034f64fff4a594a6c52ec7bd1a1a66deec5b03afa2c39c67753b69cbcf6ee2a57ac0395b74ad96f4489ac429a277ce50c61e274af546038e73dcb813a44730fe
-
SSDEEP
6144:vEbMnl6tA50RvIHdazkH8Tj7RTgTXQBi4N0SPUECHEnVYEJ2osv+06:Z5yzBBTgTABVRUxknvJ2ll6
Malware Config
Extracted
lokibot
http://kene.us/ASAZI/bul.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Attached_Scanned_Copy_pdf.exe
-
Size
498KB
-
MD5
90360c96ca2b1a1854cb6e26ccead420
-
SHA1
4541799eb3a55bd41b77235309edee4cc1f8fb17
-
SHA256
a9036bf043f2e34c9acaac95ac56a8721e19ee193cc125687f0bc269dc34ea77
-
SHA512
034f64fff4a594a6c52ec7bd1a1a66deec5b03afa2c39c67753b69cbcf6ee2a57ac0395b74ad96f4489ac429a277ce50c61e274af546038e73dcb813a44730fe
-
SSDEEP
6144:vEbMnl6tA50RvIHdazkH8Tj7RTgTXQBi4N0SPUECHEnVYEJ2osv+06:Z5yzBBTgTABVRUxknvJ2ll6
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-