General
-
Target
b314ffeadad8f768335cc37af54f24e3_JaffaCakes118
-
Size
496KB
-
Sample
240616-mqfs8azfpe
-
MD5
b314ffeadad8f768335cc37af54f24e3
-
SHA1
9c77a223aad2077b51af74a0f4414d049196859c
-
SHA256
06a99c8c2d0f15ecb6a646b082afff70f3f42f8f466e671b763af0c36e6a0c19
-
SHA512
fd13a07361eb9cf3c5fb35e044d1e4652d33c71a18fc8090e2bfba043698cc94922ca6d13c22627df4cc15b004d394a7523368560f4da9bb84f290a72ec63657
-
SSDEEP
6144:t45IXchR7WGkuDgimdreMMIRHXBT7KmIbtS1BQgkuTQ6WD3hrgp82xjDaTgB0f:tlGR6SDgiJIR3ByDzuTADxru9
Malware Config
Extracted
lokibot
http://gbedu.gq/obinna/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
b314ffeadad8f768335cc37af54f24e3_JaffaCakes118
-
Size
496KB
-
MD5
b314ffeadad8f768335cc37af54f24e3
-
SHA1
9c77a223aad2077b51af74a0f4414d049196859c
-
SHA256
06a99c8c2d0f15ecb6a646b082afff70f3f42f8f466e671b763af0c36e6a0c19
-
SHA512
fd13a07361eb9cf3c5fb35e044d1e4652d33c71a18fc8090e2bfba043698cc94922ca6d13c22627df4cc15b004d394a7523368560f4da9bb84f290a72ec63657
-
SSDEEP
6144:t45IXchR7WGkuDgimdreMMIRHXBT7KmIbtS1BQgkuTQ6WD3hrgp82xjDaTgB0f:tlGR6SDgiJIR3ByDzuTADxru9
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-