General
-
Target
3d60ff02cb0bbe087d72f6fc17acff63_JaffaCakes118
-
Size
200KB
-
Sample
240514-btjthaeb64
-
MD5
3d60ff02cb0bbe087d72f6fc17acff63
-
SHA1
51ef498890a8cef15149732b3e7edb1d8f8e7908
-
SHA256
01eff7dc5475dd9970cd528fba680b9049fa890059431083fb738d04ecb00016
-
SHA512
9f3f5ec417325973003722a9720e55177dbf5b1d4fd331f52cc9bf5ece2090e12cd8b6a48bec231a073ea5ea2339b473bd232846f73e2255f72ffdaf8c5876a7
-
SSDEEP
3072:ih8exEYBifxEPwueKbfpQdI13o3w2Q+rwHRyvw035vbbuLH+:YEYBifxEPwu3cI13uQEwxyZ5vbb0H+
Malware Config
Extracted
lokibot
http://strutitinca.ro/ftp/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3d60ff02cb0bbe087d72f6fc17acff63_JaffaCakes118
-
Size
200KB
-
MD5
3d60ff02cb0bbe087d72f6fc17acff63
-
SHA1
51ef498890a8cef15149732b3e7edb1d8f8e7908
-
SHA256
01eff7dc5475dd9970cd528fba680b9049fa890059431083fb738d04ecb00016
-
SHA512
9f3f5ec417325973003722a9720e55177dbf5b1d4fd331f52cc9bf5ece2090e12cd8b6a48bec231a073ea5ea2339b473bd232846f73e2255f72ffdaf8c5876a7
-
SSDEEP
3072:ih8exEYBifxEPwueKbfpQdI13o3w2Q+rwHRyvw035vbbuLH+:YEYBifxEPwu3cI13uQEwxyZ5vbb0H+
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-