General
-
Target
3e68d38b9687d6d947711d1105076a1a_JaffaCakes118
-
Size
386KB
-
Sample
240513-jhnx3scg3x
-
MD5
3e68d38b9687d6d947711d1105076a1a
-
SHA1
f7b7e51adbd2ad3830b23ba1047b2ff06662ef3c
-
SHA256
9e931ddc070e0c5be9b565479a298449f8c38a686472774386d5a3a402b4eee6
-
SHA512
76cc87ccf6d6d8e2c56c4a778f17b1d3a3904714d4ac861f9b99e75eaf3c1191073a0ae3c2352e8b86cd2966ecb591082d87b7e64f577204f668c34a7360dd13
-
SSDEEP
3072:Wq9dGWohBHIQ9se3BhHI7+vFP28A7eq1PAJ74Icry78/w/PM4mMyJvPaZESu:YqQOkBlIwFP87TARcikH1v+Er
Malware Config
Extracted
lokibot
http://ipqbook.com/shalom/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3e68d38b9687d6d947711d1105076a1a_JaffaCakes118
-
Size
386KB
-
MD5
3e68d38b9687d6d947711d1105076a1a
-
SHA1
f7b7e51adbd2ad3830b23ba1047b2ff06662ef3c
-
SHA256
9e931ddc070e0c5be9b565479a298449f8c38a686472774386d5a3a402b4eee6
-
SHA512
76cc87ccf6d6d8e2c56c4a778f17b1d3a3904714d4ac861f9b99e75eaf3c1191073a0ae3c2352e8b86cd2966ecb591082d87b7e64f577204f668c34a7360dd13
-
SSDEEP
3072:Wq9dGWohBHIQ9se3BhHI7+vFP28A7eq1PAJ74Icry78/w/PM4mMyJvPaZESu:YqQOkBlIwFP87TARcikH1v+Er
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-