General
-
Target
fe65d613ad8b16de38950d57f10da32a_JaffaCakes118
-
Size
1.2MB
-
Sample
240421-eq4ahsba2x
-
MD5
fe65d613ad8b16de38950d57f10da32a
-
SHA1
7d66d19db991983c6c8c2fdb7f1c6f9338f590f7
-
SHA256
6f8775819fa3fcab050b0890e8809ce29774a7328f9fd0571b811ac85542af9e
-
SHA512
d3a7ce166ee45b35c66f225c0942a7d030de18668cc093823b2d69976e65f39ab782757884183c64a07047a19236c672f30039d9526f59bf58fb361395431587
-
SSDEEP
12288:wKftcn1U5MePFzpZJXj/6bRhQOwyOYuvbbTCQJ95JOEPpBja:7ftc1UacJGbRhQOw/bbbTCs/HPi
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/M6blptnVd3Wd9
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DATA SHEET.exe
-
Size
712KB
-
MD5
eb6143bbc3034da199802e561f5ea701
-
SHA1
c16d6d9c79e500a73dc33d764b22fb575d6bd474
-
SHA256
f9dc8d66ab3eb2ecf3a55276d8389ca7b688d78cdad725fd762714e311efd02f
-
SHA512
5a40613d2313b2c40e01134c15ec868082f153ed5c77dafa7394940af0778e079fd72404cef089ab01d9ff8758702886aeb3bf0b3a9642398db2a648a1c88051
-
SSDEEP
12288:kKftcn1U5MePFzpZJXj/6bRhQOwyOYuvbbTCQJ95JOEPpBja:/ftc1UacJGbRhQOw/bbbTCs/HPi
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-