General
-
Target
57c9ca749c7bbd6539c40a5d7d3530a4_JaffaCakes118
-
Size
116KB
-
Sample
240519-be85vaac46
-
MD5
57c9ca749c7bbd6539c40a5d7d3530a4
-
SHA1
710ca10754ab027a9d1422fa2e9c852165c14ca1
-
SHA256
35a3af18071ddc0f796d78dc7a0e93cee9d3878056e518c2f5fdf7b215f3bef2
-
SHA512
500477e1b875aaa87d9f044ac1d288130a4ef7f83df9e9f2a5862ffba613fd01b72efb674fa2562c9b4fa45e9a80a10741263964816035c0d8453fe173bb786f
-
SSDEEP
3072:mZCRGQOOr0mrYNRcDBPZmCHfRBKg37x2:mZkGQnfrYNm1ZmAf
Malware Config
Extracted
lokibot
https://akonapis.cf/ssqq/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
57c9ca749c7bbd6539c40a5d7d3530a4_JaffaCakes118
-
Size
116KB
-
MD5
57c9ca749c7bbd6539c40a5d7d3530a4
-
SHA1
710ca10754ab027a9d1422fa2e9c852165c14ca1
-
SHA256
35a3af18071ddc0f796d78dc7a0e93cee9d3878056e518c2f5fdf7b215f3bef2
-
SHA512
500477e1b875aaa87d9f044ac1d288130a4ef7f83df9e9f2a5862ffba613fd01b72efb674fa2562c9b4fa45e9a80a10741263964816035c0d8453fe173bb786f
-
SSDEEP
3072:mZCRGQOOr0mrYNRcDBPZmCHfRBKg37x2:mZkGQnfrYNm1ZmAf
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-