General
-
Target
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118
-
Size
618KB
-
Sample
240513-rqdq3sba39
-
MD5
3fe7c4d49366bb0a1dbb800e7e8062d3
-
SHA1
7913c3d1d6db3fd0e644abf8be9723d818044cb9
-
SHA256
9f90f234f9d7ce737d96ddb3046af3a6d078fe7ff348b2b590786fcaf00ff60a
-
SHA512
ab07b3bf835f3c0b57e9c21bb72cde4e0cd7d76b51344389042e94e8c6f1854041e057e767c53521f3c6d7b4f97055eabf0385675a679276c76517fff713ec8b
-
SSDEEP
12288:vglTze9q8m9QpQyrVH8X3ntvrwkg0uNk1H2xRNUI95F+mqoGFBQEzYbca:v8K9q8myrG3tvrH68ARNU45dqdFBQ/ca
Malware Config
Extracted
lokibot
http://babaseoa.com/cartel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118
-
Size
618KB
-
MD5
3fe7c4d49366bb0a1dbb800e7e8062d3
-
SHA1
7913c3d1d6db3fd0e644abf8be9723d818044cb9
-
SHA256
9f90f234f9d7ce737d96ddb3046af3a6d078fe7ff348b2b590786fcaf00ff60a
-
SHA512
ab07b3bf835f3c0b57e9c21bb72cde4e0cd7d76b51344389042e94e8c6f1854041e057e767c53521f3c6d7b4f97055eabf0385675a679276c76517fff713ec8b
-
SSDEEP
12288:vglTze9q8m9QpQyrVH8X3ntvrwkg0uNk1H2xRNUI95F+mqoGFBQEzYbca:v8K9q8myrG3tvrH68ARNU45dqdFBQ/ca
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-