General
-
Target
f49e5a852feca0683ec31ea0941e2997_JaffaCakes118
-
Size
483KB
-
Sample
240417-abl1gahf3v
-
MD5
f49e5a852feca0683ec31ea0941e2997
-
SHA1
1d0eea1a7701e502f47e5f86e683a9bd4539d0e3
-
SHA256
0ff4cbb5cd7a30da780fd16c5401ba6d2ae2c437bcb461351d38f494c964cd63
-
SHA512
47665ce3682511e87a5cbef0510dd09527c9d252c2b3b63dea9c474b183e012127191a2039dadfb9b4d2eb67d23bd60f8bf649e61f73e086d05fd90e57314b5c
-
SSDEEP
6144:F1F082jjz5LHzQr7ikQ+rpZOKDTZW8rq1qePVNjsr5PRgNXgnQiKo4+Y:7OBjjz5L8qM1DE8rlePV+GBCy
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/mxnW4pqpedfLr
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f49e5a852feca0683ec31ea0941e2997_JaffaCakes118
-
Size
483KB
-
MD5
f49e5a852feca0683ec31ea0941e2997
-
SHA1
1d0eea1a7701e502f47e5f86e683a9bd4539d0e3
-
SHA256
0ff4cbb5cd7a30da780fd16c5401ba6d2ae2c437bcb461351d38f494c964cd63
-
SHA512
47665ce3682511e87a5cbef0510dd09527c9d252c2b3b63dea9c474b183e012127191a2039dadfb9b4d2eb67d23bd60f8bf649e61f73e086d05fd90e57314b5c
-
SSDEEP
6144:F1F082jjz5LHzQr7ikQ+rpZOKDTZW8rq1qePVNjsr5PRgNXgnQiKo4+Y:7OBjjz5L8qM1DE8rlePV+GBCy
Score10/10-
Detect ZGRat V1
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-