General
-
Target
78e0cdde02042c3b50ec90f43c8dcd47_JaffaCakes118
-
Size
320KB
-
Sample
240527-mqs4jsgf7x
-
MD5
78e0cdde02042c3b50ec90f43c8dcd47
-
SHA1
ccfd48e8ae00c5b6b95ed674941322bf61902116
-
SHA256
c991e16a877529eac5d4201a6a7b43805f189583f12f19391a0f03064c5c9012
-
SHA512
d6bba789b4ae950a29cd0dd1b9b57d51454c1ffaade3802db497977e2b147ca1087e5acddf44786502368e3d8185e834b46e1744c6c68b5f172660d208bea94e
-
SSDEEP
6144:FwXcMckA+777oXMdK88wc5ggGA9sX2ogV2P:Wj57fx78wxxA9sX2omW
Malware Config
Extracted
lokibot
http://efore.info/ochigo/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
78e0cdde02042c3b50ec90f43c8dcd47_JaffaCakes118
-
Size
320KB
-
MD5
78e0cdde02042c3b50ec90f43c8dcd47
-
SHA1
ccfd48e8ae00c5b6b95ed674941322bf61902116
-
SHA256
c991e16a877529eac5d4201a6a7b43805f189583f12f19391a0f03064c5c9012
-
SHA512
d6bba789b4ae950a29cd0dd1b9b57d51454c1ffaade3802db497977e2b147ca1087e5acddf44786502368e3d8185e834b46e1744c6c68b5f172660d208bea94e
-
SSDEEP
6144:FwXcMckA+777oXMdK88wc5ggGA9sX2ogV2P:Wj57fx78wxxA9sX2omW
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-