General
-
Target
275021d22c37a2e2f124512f67948f02_JaffaCakes118
-
Size
243KB
-
Sample
240508-3ya6pseg7v
-
MD5
275021d22c37a2e2f124512f67948f02
-
SHA1
e9fc6d024577a20cb52c491a71fb7bd8a654ad70
-
SHA256
3d013ade0afd70874b75e9190f63a98290b544467c5867a6d3048ea105e7252c
-
SHA512
24f8c368abf1421d0b0a2755f6115f14bad2bf16c44d5226cbafd657001c4faee96140ec4830a291e0f62368928d2a24c357110b06e100dd9d2b0a8b01ca323e
-
SSDEEP
3072:JIdKU+VGUzdMinPradcljSPQR3Wqt5D5m4BxNWJoEPE9I:idKU+VXxnedclOPQRRNm4fItq
Malware Config
Extracted
lokibot
http://richiechris.cf/wp/wp-content/oko/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
275021d22c37a2e2f124512f67948f02_JaffaCakes118
-
Size
243KB
-
MD5
275021d22c37a2e2f124512f67948f02
-
SHA1
e9fc6d024577a20cb52c491a71fb7bd8a654ad70
-
SHA256
3d013ade0afd70874b75e9190f63a98290b544467c5867a6d3048ea105e7252c
-
SHA512
24f8c368abf1421d0b0a2755f6115f14bad2bf16c44d5226cbafd657001c4faee96140ec4830a291e0f62368928d2a24c357110b06e100dd9d2b0a8b01ca323e
-
SSDEEP
3072:JIdKU+VGUzdMinPradcljSPQR3Wqt5D5m4BxNWJoEPE9I:idKU+VXxnedclOPQRRNm4fItq
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-