General
-
Target
96935f118fdeae482ef56256b22acf86.rtf
-
Size
27KB
-
Sample
230512-bjxydadd9v
-
MD5
96935f118fdeae482ef56256b22acf86
-
SHA1
326ee56fe73a4257aea97bb58a1b1bc38cbf43f9
-
SHA256
5d6fbafbed3befc57c4ce0889e1d381e98fba1f084b6fe169b6d692420854210
-
SHA512
1c471044598efa457f3448a1765ead8fe5e1284872c985eddcd0caf632b8c2f74abd480a08a37c4b4e87623c43f223ebf653cddcb8c4559725d8266bd2dc6603
-
SSDEEP
768:/e4fY4IkeG7nRDxfUgbSik3p9gDuN3l9CS66r2OYPOhv4/G7CA8j7XBAcJKW:/LwKpN1Uak3BlkS66r2VOhIU8+Al
Malware Config
Extracted
lokibot
http://171.22.30.164/mancho/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
96935f118fdeae482ef56256b22acf86.rtf
-
Size
27KB
-
MD5
96935f118fdeae482ef56256b22acf86
-
SHA1
326ee56fe73a4257aea97bb58a1b1bc38cbf43f9
-
SHA256
5d6fbafbed3befc57c4ce0889e1d381e98fba1f084b6fe169b6d692420854210
-
SHA512
1c471044598efa457f3448a1765ead8fe5e1284872c985eddcd0caf632b8c2f74abd480a08a37c4b4e87623c43f223ebf653cddcb8c4559725d8266bd2dc6603
-
SSDEEP
768:/e4fY4IkeG7nRDxfUgbSik3p9gDuN3l9CS66r2OYPOhv4/G7CA8j7XBAcJKW:/LwKpN1Uak3BlkS66r2VOhIU8+Al
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-