General
-
Target
34760d7f37d456ec9ac8342f407df0b3_JaffaCakes118
-
Size
497KB
-
Sample
240511-n3cg1aeh3y
-
MD5
34760d7f37d456ec9ac8342f407df0b3
-
SHA1
049df3a38d9a393c7f1020274e2a30ddff403ee7
-
SHA256
b2e1e8bbd809a7a7be60273c60531e6cad43fa9e7738fb96cdad567cdba19946
-
SHA512
a16b5cd5936efd28c216dd2dcee5be683131e08039f7f6dbd5ace1761f862fa6f020535765eeea936128f0dc35520d13dc429321e1b29ba47bc12f4fb5857203
-
SSDEEP
12288:KSDiu7Y2NufE+EVIr2RDg1WNhiiGttf6Ea:KSRYC3VI3WCf69
Malware Config
Extracted
lokibot
http://higomanga.info/sky9/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
34760d7f37d456ec9ac8342f407df0b3_JaffaCakes118
-
Size
497KB
-
MD5
34760d7f37d456ec9ac8342f407df0b3
-
SHA1
049df3a38d9a393c7f1020274e2a30ddff403ee7
-
SHA256
b2e1e8bbd809a7a7be60273c60531e6cad43fa9e7738fb96cdad567cdba19946
-
SHA512
a16b5cd5936efd28c216dd2dcee5be683131e08039f7f6dbd5ace1761f862fa6f020535765eeea936128f0dc35520d13dc429321e1b29ba47bc12f4fb5857203
-
SSDEEP
12288:KSDiu7Y2NufE+EVIr2RDg1WNhiiGttf6Ea:KSRYC3VI3WCf69
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-