General
-
Target
44c3e055dfeffca5d28f8d2e0f112c97_JaffaCakes118
-
Size
545KB
-
Sample
240515-gfjjgabg21
-
MD5
44c3e055dfeffca5d28f8d2e0f112c97
-
SHA1
4ce1da156e407467492b3f475a598f27a340eba5
-
SHA256
74a22ccb45b9806eefd7f46660983cc32500b8ffcf5a63fb2aec1ca80fc0e6f9
-
SHA512
4ff3bfbc3612c9d81b4446e2bf86de12460fd79ec01d2fd5628a2f789412eed7c619cd4acb86972d1cdc4748f5c6335f6991c7a6966c620b971cd01b077bfe59
-
SSDEEP
12288:bmgAiqfI8FEz8LcDq1eoNJjfbNs8JB6l8TjvBQiKxIZ7f:bmgALI8i8LcDqZjq8ylcjvBQiL5
Malware Config
Extracted
lokibot
http://sasils.men/temp/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
44c3e055dfeffca5d28f8d2e0f112c97_JaffaCakes118
-
Size
545KB
-
MD5
44c3e055dfeffca5d28f8d2e0f112c97
-
SHA1
4ce1da156e407467492b3f475a598f27a340eba5
-
SHA256
74a22ccb45b9806eefd7f46660983cc32500b8ffcf5a63fb2aec1ca80fc0e6f9
-
SHA512
4ff3bfbc3612c9d81b4446e2bf86de12460fd79ec01d2fd5628a2f789412eed7c619cd4acb86972d1cdc4748f5c6335f6991c7a6966c620b971cd01b077bfe59
-
SSDEEP
12288:bmgAiqfI8FEz8LcDq1eoNJjfbNs8JB6l8TjvBQiKxIZ7f:bmgALI8i8LcDqZjq8ylcjvBQiL5
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-