General
-
Target
f8d69dc233a2ad23083cf5e84e0cdb26_JaffaCakes118
-
Size
264KB
-
Sample
240418-1wltbaha5z
-
MD5
f8d69dc233a2ad23083cf5e84e0cdb26
-
SHA1
8c9dd2f7ed7cf59f627d9db18ac081a5f9b5fecf
-
SHA256
ac4be23447bcbbbb8f30041b5f162098c77098e912f7938cc8ed2dde880fd3a7
-
SHA512
e4fca042b3f6e9af7af59030d1447439782126a58cc1819d40d7520b462200d80b66342c09e7b6bc2b543185409e3210e175e1e55ec07bc5fb4be7b43a2efaf9
-
SSDEEP
6144:lqt0b46OLlbK00X0qLPY9Ujc8XVOljQdBBhhnQW6wwkAC5Jk9MkhB:ItMX0wPYK48X6QtJ6tdC5JHSB
Malware Config
Extracted
lokibot
http://akiwinds.duckdns.org/chats/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f8d69dc233a2ad23083cf5e84e0cdb26_JaffaCakes118
-
Size
264KB
-
MD5
f8d69dc233a2ad23083cf5e84e0cdb26
-
SHA1
8c9dd2f7ed7cf59f627d9db18ac081a5f9b5fecf
-
SHA256
ac4be23447bcbbbb8f30041b5f162098c77098e912f7938cc8ed2dde880fd3a7
-
SHA512
e4fca042b3f6e9af7af59030d1447439782126a58cc1819d40d7520b462200d80b66342c09e7b6bc2b543185409e3210e175e1e55ec07bc5fb4be7b43a2efaf9
-
SSDEEP
6144:lqt0b46OLlbK00X0qLPY9Ujc8XVOljQdBBhhnQW6wwkAC5Jk9MkhB:ItMX0wPYK48X6QtJ6tdC5JHSB
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-