General
-
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
-
Size
587KB
-
Sample
230130-q2dpsaaf34
-
MD5
7fd475ea79dc131001cb334373f96c74
-
SHA1
256701edda96f60211fb90cd0e093dddbbf8c56d
-
SHA256
a28a0ee3b401e64c2ae8b1bf74af6774e8656dea3f9644bc31eda735db810733
-
SHA512
aee9e155553f97f7dbb76348b95c4d5c167dc25c12c1d157920025f55229e3c0f1b51bb2ab08bf6acdb872efc6b2192752f15fada463b3da2d45cdf63bfb0198
-
SSDEEP
12288:7xdIyV1ycKTpnmlmBpsKRl9aOoHzbWeh3ih9H1A:9m4gcKTJTpsOaOgBYTe
Malware Config
Extracted
lokibot
http://171.22.30.147/gk1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe
-
Size
587KB
-
MD5
7fd475ea79dc131001cb334373f96c74
-
SHA1
256701edda96f60211fb90cd0e093dddbbf8c56d
-
SHA256
a28a0ee3b401e64c2ae8b1bf74af6774e8656dea3f9644bc31eda735db810733
-
SHA512
aee9e155553f97f7dbb76348b95c4d5c167dc25c12c1d157920025f55229e3c0f1b51bb2ab08bf6acdb872efc6b2192752f15fada463b3da2d45cdf63bfb0198
-
SSDEEP
12288:7xdIyV1ycKTpnmlmBpsKRl9aOoHzbWeh3ih9H1A:9m4gcKTJTpsOaOgBYTe
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-