General
-
Target
0783a462451899246bf997be89db3bb8_JaffaCakes118
-
Size
104KB
-
Sample
240429-m6b5zaha75
-
MD5
0783a462451899246bf997be89db3bb8
-
SHA1
c222f2c1ce06fe27deef02f64dabcd7647ad2012
-
SHA256
7df7cddfe4dac16e5cdc9c1453c5713d39d308d105b253ab8e1cef9e0b40acb5
-
SHA512
eb79b2f2f847ecc8d40cab8b1ed6a9cd72ca8a166cf367917150168fd7772dd100ef7b106c137d11de644e49b9e95186a9baed9b0cf0fb08f70bc676f241a424
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Malware Config
Extracted
lokibot
http://blacklifestyle.net/sliver/power/energy/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0783a462451899246bf997be89db3bb8_JaffaCakes118
-
Size
104KB
-
MD5
0783a462451899246bf997be89db3bb8
-
SHA1
c222f2c1ce06fe27deef02f64dabcd7647ad2012
-
SHA256
7df7cddfe4dac16e5cdc9c1453c5713d39d308d105b253ab8e1cef9e0b40acb5
-
SHA512
eb79b2f2f847ecc8d40cab8b1ed6a9cd72ca8a166cf367917150168fd7772dd100ef7b106c137d11de644e49b9e95186a9baed9b0cf0fb08f70bc676f241a424
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-