General
-
Target
9e4aff0d356eabfed9d38fac6210a8a0_JaffaCakes118
-
Size
104KB
-
Sample
240611-qfxkrsxhna
-
MD5
9e4aff0d356eabfed9d38fac6210a8a0
-
SHA1
ea9f645baba2ba9ef102c2f06b47b7f490571115
-
SHA256
1582c37ba4f49b5ec7ea5af41f35887516248ebcd1b890e047d9567201c46e03
-
SHA512
c163c6f7bfb335643a0f4498414ff321f0b3687c15ff0e78b9ae397ad90e9889383608cb07352d4a2442485f491720dc38c4cf1eedcd5c70bef6447c0192ac26
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Malware Config
Extracted
lokibot
http://plasplupunion.com/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9e4aff0d356eabfed9d38fac6210a8a0_JaffaCakes118
-
Size
104KB
-
MD5
9e4aff0d356eabfed9d38fac6210a8a0
-
SHA1
ea9f645baba2ba9ef102c2f06b47b7f490571115
-
SHA256
1582c37ba4f49b5ec7ea5af41f35887516248ebcd1b890e047d9567201c46e03
-
SHA512
c163c6f7bfb335643a0f4498414ff321f0b3687c15ff0e78b9ae397ad90e9889383608cb07352d4a2442485f491720dc38c4cf1eedcd5c70bef6447c0192ac26
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-