General
-
Target
828e0fbb16f93615b6469946e7f7c3ec_JaffaCakes118
-
Size
769KB
-
Sample
240530-a65q3ahc29
-
MD5
828e0fbb16f93615b6469946e7f7c3ec
-
SHA1
3242a2061ac325142952488b0a072c5c476da036
-
SHA256
40c3acdd2174f812c9afe8a9c416642f80cbb461e7a4c061ec3307048c1a1c07
-
SHA512
c83c644b342ec4ee9fd9d6935cb8efc8cfcc79814b583bfaeae33cdc7b03c5ef887c738a47b008b8a9d02f4b1b72d34af72c215b1cac100c7ec15bd11976a09c
-
SSDEEP
24576:pK/AsNDvLZfTbx/uwf9R99BoUybYeLf+akZ:4dNDvLZ0cR992Uyb2
Malware Config
Extracted
lokibot
http://ogaces.ru/michelle/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
828e0fbb16f93615b6469946e7f7c3ec_JaffaCakes118
-
Size
769KB
-
MD5
828e0fbb16f93615b6469946e7f7c3ec
-
SHA1
3242a2061ac325142952488b0a072c5c476da036
-
SHA256
40c3acdd2174f812c9afe8a9c416642f80cbb461e7a4c061ec3307048c1a1c07
-
SHA512
c83c644b342ec4ee9fd9d6935cb8efc8cfcc79814b583bfaeae33cdc7b03c5ef887c738a47b008b8a9d02f4b1b72d34af72c215b1cac100c7ec15bd11976a09c
-
SSDEEP
24576:pK/AsNDvLZfTbx/uwf9R99BoUybYeLf+akZ:4dNDvLZ0cR992Uyb2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-