General
-
Target
69c0691c823d07064b85f2a73f032c1d_JaffaCakes118
-
Size
774KB
-
Sample
240523-fa6alseb3v
-
MD5
69c0691c823d07064b85f2a73f032c1d
-
SHA1
f31c7a59e92cf197b9d7a404c5326f6513bbb7c0
-
SHA256
56f8dffbbc7642a2e2296c03de67dc88be87b745d17ce2cea9fd7d28fb00eff3
-
SHA512
4439f2e23e67dc6a37373922e7a8d426aae38deeb368a63d0bdc6e95a0d5670e13218ffd1291b2ec30f92a084219db998819742403349c63a687e6c8139a5702
-
SSDEEP
6144:Z4g24ZKDkyDMN5UfzlXI1sGlamp+1Mus4c1T0hG7yy5i3qSbs9wLhY7:1244tDrblY1Rlamhu0oqy74uL+
Malware Config
Extracted
lokibot
http://bloggingmarks.ga/cjay/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
69c0691c823d07064b85f2a73f032c1d_JaffaCakes118
-
Size
774KB
-
MD5
69c0691c823d07064b85f2a73f032c1d
-
SHA1
f31c7a59e92cf197b9d7a404c5326f6513bbb7c0
-
SHA256
56f8dffbbc7642a2e2296c03de67dc88be87b745d17ce2cea9fd7d28fb00eff3
-
SHA512
4439f2e23e67dc6a37373922e7a8d426aae38deeb368a63d0bdc6e95a0d5670e13218ffd1291b2ec30f92a084219db998819742403349c63a687e6c8139a5702
-
SSDEEP
6144:Z4g24ZKDkyDMN5UfzlXI1sGlamp+1Mus4c1T0hG7yy5i3qSbs9wLhY7:1244tDrblY1Rlamhu0oqy74uL+
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-