General
-
Target
92ddbbfb4cfc70cb8d61f7b1e1687cc8_JaffaCakes118
-
Size
500KB
-
Sample
240603-2p7b4sbh4v
-
MD5
92ddbbfb4cfc70cb8d61f7b1e1687cc8
-
SHA1
9947a02e17d680b80711fd0ce8b38c8bdaa02cc1
-
SHA256
d10761de0d9dc5f358f4e21b2da188f48b2e3b47a919f1d57c9535729007d096
-
SHA512
84ec63794d05eb4f4c1188160a2e2b635af75932d87cffa8fb8bab1f05094840c02db4dd2b079ea02f57af6c6bc72567a5e58ef2c4cdff1f3cfe342a0e2d0109
-
SSDEEP
3072:sWgfSNPG6VfYQ31hcZwwZiFvoMv6viCFXo11qeKqEBxZ7VgB:8YGocpixB6a4XS13Ru7Vg
Malware Config
Extracted
lokibot
http://automatia.in/cjay/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
92ddbbfb4cfc70cb8d61f7b1e1687cc8_JaffaCakes118
-
Size
500KB
-
MD5
92ddbbfb4cfc70cb8d61f7b1e1687cc8
-
SHA1
9947a02e17d680b80711fd0ce8b38c8bdaa02cc1
-
SHA256
d10761de0d9dc5f358f4e21b2da188f48b2e3b47a919f1d57c9535729007d096
-
SHA512
84ec63794d05eb4f4c1188160a2e2b635af75932d87cffa8fb8bab1f05094840c02db4dd2b079ea02f57af6c6bc72567a5e58ef2c4cdff1f3cfe342a0e2d0109
-
SSDEEP
3072:sWgfSNPG6VfYQ31hcZwwZiFvoMv6viCFXo11qeKqEBxZ7VgB:8YGocpixB6a4XS13Ru7Vg
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-