General
-
Target
9e7c714c36f72bfcd15a4780f8824396_JaffaCakes118
-
Size
976KB
-
Sample
240611-rngpyszgrn
-
MD5
9e7c714c36f72bfcd15a4780f8824396
-
SHA1
a0d3124a2473ce0829b265c866c2fcb15cc956cb
-
SHA256
b01471cd5e20b4b600d1e28ac7b2d52f99044f26f4863c8ddebca08636354499
-
SHA512
164bc479b2324a8d19b27ad0760c8c66840704b3ba779b6c2700db7a23e5a3421602bff45e47da5b07633fda7127f924045960329d8ba3089bd6083fa5840619
-
SSDEEP
24576:mtb20pkaCqT5TBWgNQ7aTsZxaDSb9KhSpV6A:TVg5tQ7aTmHshSX5
Malware Config
Extracted
lokibot
http://maxthon.duckdns.org:6060/office/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9e7c714c36f72bfcd15a4780f8824396_JaffaCakes118
-
Size
976KB
-
MD5
9e7c714c36f72bfcd15a4780f8824396
-
SHA1
a0d3124a2473ce0829b265c866c2fcb15cc956cb
-
SHA256
b01471cd5e20b4b600d1e28ac7b2d52f99044f26f4863c8ddebca08636354499
-
SHA512
164bc479b2324a8d19b27ad0760c8c66840704b3ba779b6c2700db7a23e5a3421602bff45e47da5b07633fda7127f924045960329d8ba3089bd6083fa5840619
-
SSDEEP
24576:mtb20pkaCqT5TBWgNQ7aTsZxaDSb9KhSpV6A:TVg5tQ7aTmHshSX5
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-