General
-
Target
DHL Express Shipping Document.exe
-
Size
605KB
-
Sample
230419-tn4ktsdg2t
-
MD5
8a53387725ecb1b93e0f2df3a00c8c62
-
SHA1
a9da7d4d2480c01879303d16a4c51df989c3fe08
-
SHA256
f763364afc68ac355f06c3c0cc321715fe91c2d0fad76f206fb4713b3b79d43e
-
SHA512
a034391257a850453f93a6149edbff5bd5aac63a60bd4b3cfa5360bda4aeeaa7c9edc087e5f90e09877d54211d4528620eaf7913c5b09466531f9593bf18ad5c
-
SSDEEP
12288:MDBO5ZZC/W2n98zit94ORdymW7l7yEZGlt6ypcQrIMdcpEOPKQ89FoGs:MDqTC/fiz6ymW+vldpcoPdc9KN92G
Malware Config
Extracted
lokibot
http://104.156.227.195/~blog/?p=89857100
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DHL Express Shipping Document.exe
-
Size
605KB
-
MD5
8a53387725ecb1b93e0f2df3a00c8c62
-
SHA1
a9da7d4d2480c01879303d16a4c51df989c3fe08
-
SHA256
f763364afc68ac355f06c3c0cc321715fe91c2d0fad76f206fb4713b3b79d43e
-
SHA512
a034391257a850453f93a6149edbff5bd5aac63a60bd4b3cfa5360bda4aeeaa7c9edc087e5f90e09877d54211d4528620eaf7913c5b09466531f9593bf18ad5c
-
SSDEEP
12288:MDBO5ZZC/W2n98zit94ORdymW7l7yEZGlt6ypcQrIMdcpEOPKQ89FoGs:MDqTC/fiz6ymW+vldpcoPdc9KN92G
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-