General
-
Target
495e61951c10165e213e912a81aa4bd9_JaffaCakes118
-
Size
1.4MB
-
Sample
240516-eql18sbf73
-
MD5
495e61951c10165e213e912a81aa4bd9
-
SHA1
1fedd1b1eb32fd5924512e925a118ae298892a7f
-
SHA256
bf7d97018913730fa8ebce051ef1d6135ec4fcae2f7c9008bcea0222dc864e48
-
SHA512
7dd922ed7c554a13dddac797405807e571a5afa8bffd400aa59028c285c6ac991234fbbd2979c7b7948bb3d8fff1a6864dbfa1d34e8572dda1543feb3fe2efc8
-
SSDEEP
12288:xIUUeaiPu077GQy/ByUGTQAyxLV8QCynDtVsXxgLPQ1K5nQVLKbelu83bHqEt+qk:xIU3a2XGITQr5HDtVZofKNaTB+yPZKz
Malware Config
Extracted
lokibot
http://fui.igg.biz/oj-2353498/cgi.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
495e61951c10165e213e912a81aa4bd9_JaffaCakes118
-
Size
1.4MB
-
MD5
495e61951c10165e213e912a81aa4bd9
-
SHA1
1fedd1b1eb32fd5924512e925a118ae298892a7f
-
SHA256
bf7d97018913730fa8ebce051ef1d6135ec4fcae2f7c9008bcea0222dc864e48
-
SHA512
7dd922ed7c554a13dddac797405807e571a5afa8bffd400aa59028c285c6ac991234fbbd2979c7b7948bb3d8fff1a6864dbfa1d34e8572dda1543feb3fe2efc8
-
SSDEEP
12288:xIUUeaiPu077GQy/ByUGTQAyxLV8QCynDtVsXxgLPQ1K5nQVLKbelu83bHqEt+qk:xIU3a2XGITQr5HDtVZofKNaTB+yPZKz
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-