General
-
Target
66ba1cf701941ec97285cf498ab67b9b_JaffaCakes118
-
Size
564KB
-
Sample
240522-kys3eaab9y
-
MD5
66ba1cf701941ec97285cf498ab67b9b
-
SHA1
4be68c2581e02e36b0511792d8f564d8401ef5e7
-
SHA256
faa03d8c2d40970ea9355723cd5bc393b8223ca964b2cb79a9e8c104e4c2d8c6
-
SHA512
81f578c9b83db8cddd378fe26f20821e57d4f7a08d8eb9d7d1ee0356293c6a1c65ed76b1fd36598b61233ffe19791a9ae32b3d7021d4b73840111df7301de300
-
SSDEEP
6144:Xrcg1wmtpg5gyjAzY+1HXsK7wCCZPj2zDIY63Q62:bcZKz3FeVt3Q6
Malware Config
Extracted
lokibot
http://infres.in/okoye/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
66ba1cf701941ec97285cf498ab67b9b_JaffaCakes118
-
Size
564KB
-
MD5
66ba1cf701941ec97285cf498ab67b9b
-
SHA1
4be68c2581e02e36b0511792d8f564d8401ef5e7
-
SHA256
faa03d8c2d40970ea9355723cd5bc393b8223ca964b2cb79a9e8c104e4c2d8c6
-
SHA512
81f578c9b83db8cddd378fe26f20821e57d4f7a08d8eb9d7d1ee0356293c6a1c65ed76b1fd36598b61233ffe19791a9ae32b3d7021d4b73840111df7301de300
-
SSDEEP
6144:Xrcg1wmtpg5gyjAzY+1HXsK7wCCZPj2zDIY63Q62:bcZKz3FeVt3Q6
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-