General
-
Target
a5b58e1905b6c01ef65523d2fd3ca76b_JaffaCakes118
-
Size
460KB
-
Sample
240613-qext5sthqm
-
MD5
a5b58e1905b6c01ef65523d2fd3ca76b
-
SHA1
3d20f1ce8318b8e8c0ba4d2a3fd28f739eef3da2
-
SHA256
435b529dcf9cd6b4e188258a0f18221ff40cc3b8e7ec573c194de0b010c1f062
-
SHA512
6df29a978dde02c86bc99dbf24066df2ca8be64446544fc446b0228451abbb37043c3d3acb9680ebe06802a9058ab53d456ff5352808483be91d859034bf1419
-
SSDEEP
6144:51/OnXYifjcF7RQmlbIIi/xpE1UcygKsT9hL+N6W2b6j05kb/kc0:n/OIifoFqmlbIb4KsXL2yb6Yvv
Malware Config
Extracted
lokibot
http://simbatekhomes.com/~zadmin/lmark/emma/link.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a5b58e1905b6c01ef65523d2fd3ca76b_JaffaCakes118
-
Size
460KB
-
MD5
a5b58e1905b6c01ef65523d2fd3ca76b
-
SHA1
3d20f1ce8318b8e8c0ba4d2a3fd28f739eef3da2
-
SHA256
435b529dcf9cd6b4e188258a0f18221ff40cc3b8e7ec573c194de0b010c1f062
-
SHA512
6df29a978dde02c86bc99dbf24066df2ca8be64446544fc446b0228451abbb37043c3d3acb9680ebe06802a9058ab53d456ff5352808483be91d859034bf1419
-
SSDEEP
6144:51/OnXYifjcF7RQmlbIIi/xpE1UcygKsT9hL+N6W2b6j05kb/kc0:n/OIifoFqmlbIb4KsXL2yb6Yvv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-