General
-
Target
PDA Appointment letter.exe
-
Size
664KB
-
Sample
230119-jspblacd6s
-
MD5
03fc597830b1ec63369d51839dc27155
-
SHA1
b87ca6f7a897c02b5fc76ba530508feb5e0e136e
-
SHA256
6cf9ce1fdecc2037bf2ba58c7b41bffa214c0bf5fa53e5949259b0fed81b34e0
-
SHA512
3b039468b663de4696e795c09db3fcdccf50130c1ec40fb1352a8bfed0c33f0188fefc7d863f219e87c7b704b8d3afc085fe88b1edd49d84fa8a0a1891657aa1
-
SSDEEP
12288:7wN9jXnu0bl9eONs9XmjaMrbKMMR0b5Yl8QTlIAjht:EN973lcXm/KMpb5Yl8QTl
Malware Config
Extracted
lokibot
http://171.22.30.147/health2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
PDA Appointment letter.exe
-
Size
664KB
-
MD5
03fc597830b1ec63369d51839dc27155
-
SHA1
b87ca6f7a897c02b5fc76ba530508feb5e0e136e
-
SHA256
6cf9ce1fdecc2037bf2ba58c7b41bffa214c0bf5fa53e5949259b0fed81b34e0
-
SHA512
3b039468b663de4696e795c09db3fcdccf50130c1ec40fb1352a8bfed0c33f0188fefc7d863f219e87c7b704b8d3afc085fe88b1edd49d84fa8a0a1891657aa1
-
SSDEEP
12288:7wN9jXnu0bl9eONs9XmjaMrbKMMR0b5Yl8QTlIAjht:EN973lcXm/KMpb5Yl8QTl
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-