General
-
Target
022c2b9b6cdf1e3f75285e06ca724f0c_JaffaCakes118
-
Size
520KB
-
Sample
240427-cjwwrahg4y
-
MD5
022c2b9b6cdf1e3f75285e06ca724f0c
-
SHA1
471090abc59fd4715aa45abad3517cdb054ecc60
-
SHA256
ac00c94024de5b22343e0236de7a76369bb1648981f2c646df477c66b9d035f0
-
SHA512
9d6ef1c5610db9b32b48ba3f27c8f5d4909071d0687b0c3a6c0b39103ddd31028a413357353067fab16ffdf754619921a85042d2c725736ebcc326b3688567a8
-
SSDEEP
3072:qzsKSLoxoqg0YLJUM7kGrWOM3qXypOmk2meLRlAdTSvjxv:VK1Mriq2dLRlAd2vj
Malware Config
Extracted
lokibot
http://kenabee.in/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
022c2b9b6cdf1e3f75285e06ca724f0c_JaffaCakes118
-
Size
520KB
-
MD5
022c2b9b6cdf1e3f75285e06ca724f0c
-
SHA1
471090abc59fd4715aa45abad3517cdb054ecc60
-
SHA256
ac00c94024de5b22343e0236de7a76369bb1648981f2c646df477c66b9d035f0
-
SHA512
9d6ef1c5610db9b32b48ba3f27c8f5d4909071d0687b0c3a6c0b39103ddd31028a413357353067fab16ffdf754619921a85042d2c725736ebcc326b3688567a8
-
SSDEEP
3072:qzsKSLoxoqg0YLJUM7kGrWOM3qXypOmk2meLRlAdTSvjxv:VK1Mriq2dLRlAd2vj
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-