General
-
Target
97c2ac216ea32589bf8b0118f5eb2438_JaffaCakes118
-
Size
966KB
-
Sample
240605-lj5nbsca9t
-
MD5
97c2ac216ea32589bf8b0118f5eb2438
-
SHA1
7a19aad88da0fa4525dfb05b6c75e2f414b7ef32
-
SHA256
28e7f33bf34d17f4744ca5323789debecd561485d6ce3974fd9898dfdb098ccb
-
SHA512
ec733fd1f83af59691c7416bfb378c317687c2a3ce03c33b9658136d4374e603bcbfa460d865f46c20971d364ae9fa5034efad6b2cce253115df42f44ee7eb52
-
SSDEEP
24576:IuiHAZIqJvokl5gXj4PxCP3OzfB7JBOmb:IuiHkvYWD8c
Malware Config
Extracted
lokibot
https://thammyvienanthea.com/playtime/playbook/onelove/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
97c2ac216ea32589bf8b0118f5eb2438_JaffaCakes118
-
Size
966KB
-
MD5
97c2ac216ea32589bf8b0118f5eb2438
-
SHA1
7a19aad88da0fa4525dfb05b6c75e2f414b7ef32
-
SHA256
28e7f33bf34d17f4744ca5323789debecd561485d6ce3974fd9898dfdb098ccb
-
SHA512
ec733fd1f83af59691c7416bfb378c317687c2a3ce03c33b9658136d4374e603bcbfa460d865f46c20971d364ae9fa5034efad6b2cce253115df42f44ee7eb52
-
SSDEEP
24576:IuiHAZIqJvokl5gXj4PxCP3OzfB7JBOmb:IuiHkvYWD8c
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-