General
-
Target
fe0f606f95053efa7caac58ef465794f_JaffaCakes118
-
Size
835KB
-
Sample
240421-bdakwsef98
-
MD5
fe0f606f95053efa7caac58ef465794f
-
SHA1
6c241fd13a0934630727c061372082e4254e8cbc
-
SHA256
425ade725d835eb86e86d4a0e7f537e92d9d8538640c2d1b8d75d6acc334b827
-
SHA512
55983b45973673b087d9bb88a0032252f4b76f756ad7acc97e8bcce0c357672a22958067b256a0d0d93463ab6d00444cfb6d2d048fd4ef72b54cc04f2a9a9643
-
SSDEEP
12288:rgDc9F3nC0Py3gAhkd5sIxRLYCVUkiXkCvsh4p/bWQpnUYB0m7vXltUzpnL5tlv:rXsIxRLPUki/jpBnULC0
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/4LlT7SRZcUYvF
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
fe0f606f95053efa7caac58ef465794f_JaffaCakes118
-
Size
835KB
-
MD5
fe0f606f95053efa7caac58ef465794f
-
SHA1
6c241fd13a0934630727c061372082e4254e8cbc
-
SHA256
425ade725d835eb86e86d4a0e7f537e92d9d8538640c2d1b8d75d6acc334b827
-
SHA512
55983b45973673b087d9bb88a0032252f4b76f756ad7acc97e8bcce0c357672a22958067b256a0d0d93463ab6d00444cfb6d2d048fd4ef72b54cc04f2a9a9643
-
SSDEEP
12288:rgDc9F3nC0Py3gAhkd5sIxRLYCVUkiXkCvsh4p/bWQpnUYB0m7vXltUzpnL5tlv:rXsIxRLPUki/jpBnULC0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-