General

  • Target

    50f3773504bd569dbac6a1ed99236d49442647fe212d53d35b911167f092350e..exe

  • Size

    348KB

  • Sample

    250223-lb5ncs1kgw

  • MD5

    b9558fdb3ec44e8d44ec053f2f2c02b7

  • SHA1

    bfea6e1666d7c84b4ac4e1f9cbb1cbfffeebd1e8

  • SHA256

    50f3773504bd569dbac6a1ed99236d49442647fe212d53d35b911167f092350e

  • SHA512

    36d84adfdcaef47026d61125b3efaeccee9dd2d4ee411980b012047ba53f6613d3597ed83382ebe1c983e35485f164c9434e6af0d2b01f95f369a224f6b36a04

  • SSDEEP

    6144:w7I+G5XEZJHNEYYYYYYYYYYYYYYYYYYYcDDDDDDDDDDDDDDDDDDDDDDDDDDDDhwY:w7+XcHqYYYYYYYYYYYYYYYYYYYsMMVMM

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Lokibot family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
