General
-
Target
e8ce6b88ed6c5311f2f86297db0721e7_JaffaCakes118
-
Size
933KB
-
Sample
240409-ay69xscb3z
-
MD5
e8ce6b88ed6c5311f2f86297db0721e7
-
SHA1
a5d06388c92ece481d9ba76d1909d603a6afaf9c
-
SHA256
0b69967e2521d32bbe7e73b50d7458aaf1ef1d61e4ba3ecd3fcbe4efde30a37a
-
SHA512
9f67fe01df7deaddfc281e115713050c401b1d26b859080564cbc1ce1104908aa66938630ea0f6629209fdb4940206c9e640c78d9297cd435d46f18785b51df3
-
SSDEEP
24576:2I74rGKaEvvTt/d5hzsa1RzkO9ogva1mDbiZr2x8jmappc:2I4Vvvzz1tva1Qlap
Malware Config
Extracted
lokibot
http://manvim.co/fd5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e8ce6b88ed6c5311f2f86297db0721e7_JaffaCakes118
-
Size
933KB
-
MD5
e8ce6b88ed6c5311f2f86297db0721e7
-
SHA1
a5d06388c92ece481d9ba76d1909d603a6afaf9c
-
SHA256
0b69967e2521d32bbe7e73b50d7458aaf1ef1d61e4ba3ecd3fcbe4efde30a37a
-
SHA512
9f67fe01df7deaddfc281e115713050c401b1d26b859080564cbc1ce1104908aa66938630ea0f6629209fdb4940206c9e640c78d9297cd435d46f18785b51df3
-
SSDEEP
24576:2I74rGKaEvvTt/d5hzsa1RzkO9ogva1mDbiZr2x8jmappc:2I4Vvvzz1tva1Qlap
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-