General
-
Target
DHL Expres Shipment documents.exe
-
Size
712KB
-
Sample
230616-nfezlsef96
-
MD5
e77c90e8ff96196b410f6c0868307f6f
-
SHA1
5e60718c4927110e4adaa80bf2f20159a4004c83
-
SHA256
b10ac6368ee3c8996225a455a213cbafad3a361e093960401d0ac54f8a1db5cc
-
SHA512
fb01ac3be0893b98b03634043647a21ee1b1572941f293533e1f3624c1c49fedbe54345fbbcd00cbcbb616e19c682b4a683f43d421701ffc2b8fe189f1a389c6
-
SSDEEP
12288:3Nlta2iNx5LbzIu9+r9CKOp5FevqMiikyPfXKvmuwu2QJnDIAOvJTYR2:da1j5LA9WpaqMiiRzNu2QJUzvJTe2
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=61353
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DHL Expres Shipment documents.exe
-
Size
712KB
-
MD5
e77c90e8ff96196b410f6c0868307f6f
-
SHA1
5e60718c4927110e4adaa80bf2f20159a4004c83
-
SHA256
b10ac6368ee3c8996225a455a213cbafad3a361e093960401d0ac54f8a1db5cc
-
SHA512
fb01ac3be0893b98b03634043647a21ee1b1572941f293533e1f3624c1c49fedbe54345fbbcd00cbcbb616e19c682b4a683f43d421701ffc2b8fe189f1a389c6
-
SSDEEP
12288:3Nlta2iNx5LbzIu9+r9CKOp5FevqMiikyPfXKvmuwu2QJnDIAOvJTYR2:da1j5LA9WpaqMiiRzNu2QJUzvJTe2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-