General
-
Target
79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118
-
Size
512KB
-
Sample
240527-vfas8abh34
-
MD5
79d1c8d13e8bb5c694d07e6471f9db57
-
SHA1
231677689b7e2f0b1aa0cfdd190d47462a5279b9
-
SHA256
deb9ffc5dbe5a8b0beb10318f8cfa635ed58507056908e017e82dfda950bf3f9
-
SHA512
808240029755b182c9491668ff177e606f7d7a513f2cc535397816c847808e738aa0a8e4be57f2166293c8795756a81300c9c40d869ffb5eff2c2e8e9db0363b
-
SSDEEP
6144:MEja+qQBv6voU7lpBJjPK22eC+Ic6LRWwp9porgB1O2/BCxBE4+/u4x/HLUWy4+d:MEjmQB6lpJ2eC6wu2yE4yZx/HwrK4
Malware Config
Extracted
lokibot
http://31.220.2.200/~justicet/ag/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118
-
Size
512KB
-
MD5
79d1c8d13e8bb5c694d07e6471f9db57
-
SHA1
231677689b7e2f0b1aa0cfdd190d47462a5279b9
-
SHA256
deb9ffc5dbe5a8b0beb10318f8cfa635ed58507056908e017e82dfda950bf3f9
-
SHA512
808240029755b182c9491668ff177e606f7d7a513f2cc535397816c847808e738aa0a8e4be57f2166293c8795756a81300c9c40d869ffb5eff2c2e8e9db0363b
-
SSDEEP
6144:MEja+qQBv6voU7lpBJjPK22eC+Ic6LRWwp9porgB1O2/BCxBE4+/u4x/HLUWy4+d:MEjmQB6lpJ2eC6wu2yE4yZx/HwrK4
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-