General
-
Target
8fb8dec6e12d4cb320e9a10f72f3dc1e_JaffaCakes118
-
Size
1.2MB
-
Sample
240602-2wfsqsbc25
-
MD5
8fb8dec6e12d4cb320e9a10f72f3dc1e
-
SHA1
181ca1109b42aa4ed4211acc3e802353d58063ba
-
SHA256
7882347c14ed4d3a27ac3aebde40400b1c662ae548abd1d9af165cfaf5205f34
-
SHA512
ba9a860e370dfeb8379dc62059ffed654b686fb2f303c89e83b7416818d20259c28dd74d0da7d953555dd0af3381c840c007c43f59e1f1cca5a0cd5ada5bef9b
-
SSDEEP
24576:PpogCDjzcHuCVB2S/rGmrNQUgQDWzbnmAAFudCrHwQ:P25j0jGqiUPDT62
Malware Config
Extracted
lokibot
http://xojine.tech/bulo2/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8fb8dec6e12d4cb320e9a10f72f3dc1e_JaffaCakes118
-
Size
1.2MB
-
MD5
8fb8dec6e12d4cb320e9a10f72f3dc1e
-
SHA1
181ca1109b42aa4ed4211acc3e802353d58063ba
-
SHA256
7882347c14ed4d3a27ac3aebde40400b1c662ae548abd1d9af165cfaf5205f34
-
SHA512
ba9a860e370dfeb8379dc62059ffed654b686fb2f303c89e83b7416818d20259c28dd74d0da7d953555dd0af3381c840c007c43f59e1f1cca5a0cd5ada5bef9b
-
SSDEEP
24576:PpogCDjzcHuCVB2S/rGmrNQUgQDWzbnmAAFudCrHwQ:P25j0jGqiUPDT62
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-