General
-
Target
25c79316d2ccebb98a7ae05864d447b3_JaffaCakes118
-
Size
784KB
-
Sample
240329-s1z8hacb53
-
MD5
25c79316d2ccebb98a7ae05864d447b3
-
SHA1
6b1872dae8f67dcffb922c2cb982ce8756d2ee69
-
SHA256
549339c559964c23f25b72c7160858295bc4b5451110f8e4fb5d64e7328911f3
-
SHA512
cc6acb945ae90c53b0d567e5d5832003d6d5b140187b5b7caa97ab834e778ef479481341b71ff9b6b6fca9d0e774fa1a93613754089643e773206e26e1ff845b
-
SSDEEP
12288:+R9Hjp1YhlNcDUQ2M+9hiwVKIbumly0q/73vU7b0CVITuREvqkxQWXQJixJ8nitF:09H91YhlM2BKwoUum3q/73vU
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=490
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
25c79316d2ccebb98a7ae05864d447b3_JaffaCakes118
-
Size
784KB
-
MD5
25c79316d2ccebb98a7ae05864d447b3
-
SHA1
6b1872dae8f67dcffb922c2cb982ce8756d2ee69
-
SHA256
549339c559964c23f25b72c7160858295bc4b5451110f8e4fb5d64e7328911f3
-
SHA512
cc6acb945ae90c53b0d567e5d5832003d6d5b140187b5b7caa97ab834e778ef479481341b71ff9b6b6fca9d0e774fa1a93613754089643e773206e26e1ff845b
-
SSDEEP
12288:+R9Hjp1YhlNcDUQ2M+9hiwVKIbumly0q/73vU7b0CVITuREvqkxQWXQJixJ8nitF:09H91YhlM2BKwoUum3q/73vU
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-