Extracted

• • Target

    SecuriteInfo.com.Exploit.CVE-2018-0798.4.29500.322.rtf

  • Size

    493KB

  • MD5

    d4114e19370fc67f7ba24d46bc6f53d2

  • SHA1

    dd71a38ee9936da3c085e48719518f089192fa62

  • SHA256

    d5a6b19ed0cb225a61c510bff2f2713b3a69435527f41fbb83d4e8343effaa13

  • SHA512

    177860704b9b2e58ac0d8d3d6b61d12151ba5cf2852c473526594d5be44e008bcadbec9a6a47827d9ea080d0ea97370549e7d651897f701be7dd9c85e529a53e

  • SSDEEP

    6144:OwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAYwAL:4

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2