General
-
Target
972ea21bdb9d9b419234b0666e902739_JaffaCakes118
-
Size
736KB
-
Sample
240605-exdy7sdh8t
-
MD5
972ea21bdb9d9b419234b0666e902739
-
SHA1
f2095de71cf874bc845607395699271b5b8208b4
-
SHA256
42eb0dd44af444b2b5096d4e0489887bb22eb454a6ed98665f0a87f68765ead7
-
SHA512
7deff799c6ceeb0509c136042f728430ba75574bf00183eec4f0f8a364884dafeb38128ab22a6b7ad8466373c1db51a2c3814a1d8ab9a706de346ff03b45b466
-
SSDEEP
12288:yF+OMgyD8YJK0dgAV1JEThWS/6X+YsssssCVVVVVqmmmmmaBi:yFdpf+pHV0ThWmFBi
Malware Config
Extracted
lokibot
http://streetviewer.xyz/mediar/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
972ea21bdb9d9b419234b0666e902739_JaffaCakes118
-
Size
736KB
-
MD5
972ea21bdb9d9b419234b0666e902739
-
SHA1
f2095de71cf874bc845607395699271b5b8208b4
-
SHA256
42eb0dd44af444b2b5096d4e0489887bb22eb454a6ed98665f0a87f68765ead7
-
SHA512
7deff799c6ceeb0509c136042f728430ba75574bf00183eec4f0f8a364884dafeb38128ab22a6b7ad8466373c1db51a2c3814a1d8ab9a706de346ff03b45b466
-
SSDEEP
12288:yF+OMgyD8YJK0dgAV1JEThWS/6X+YsssssCVVVVVqmmmmmaBi:yFdpf+pHV0ThWmFBi
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-