General
-
Target
5589502c0770144ecf0b3419dfe95d37_JaffaCakes118
-
Size
1.1MB
-
Sample
240518-taedsaba2t
-
MD5
5589502c0770144ecf0b3419dfe95d37
-
SHA1
e430974c8bf45c2093ba2932b23cb6132de714c9
-
SHA256
5314494cb56b5c07789412528334f1c0a3620be75c2b40fa400dac4939dbf399
-
SHA512
4db4f14d3b63c34f60739fb001bc702f2696e1896677949c03c89bb5c8cb84da54b04441e79943891fc7f814eeb1573d36adb2a4ff36fce2976ca9fddd3a8703
-
SSDEEP
12288:K3HxvTzdIhHc6s6fvAHL8EIEgCPcuxWlsmP8H7zNA8vF0FB3HBjjon3JBI:K3x3S7s6fvAHa1eWnEb6+O3qZBI
Malware Config
Extracted
lokibot
http://avebx.ga/3-0fkH/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
5589502c0770144ecf0b3419dfe95d37_JaffaCakes118
-
Size
1.1MB
-
MD5
5589502c0770144ecf0b3419dfe95d37
-
SHA1
e430974c8bf45c2093ba2932b23cb6132de714c9
-
SHA256
5314494cb56b5c07789412528334f1c0a3620be75c2b40fa400dac4939dbf399
-
SHA512
4db4f14d3b63c34f60739fb001bc702f2696e1896677949c03c89bb5c8cb84da54b04441e79943891fc7f814eeb1573d36adb2a4ff36fce2976ca9fddd3a8703
-
SSDEEP
12288:K3HxvTzdIhHc6s6fvAHL8EIEgCPcuxWlsmP8H7zNA8vF0FB3HBjjon3JBI:K3x3S7s6fvAHa1eWnEb6+O3qZBI
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-