General
-
Target
4c8c2cbbebfb23a7833b8be61fe1bd97_JaffaCakes118
-
Size
306KB
-
Sample
240716-dk4hnasbrq
-
MD5
4c8c2cbbebfb23a7833b8be61fe1bd97
-
SHA1
be009e8a358527aec4dc5ce769e0df18c8223587
-
SHA256
38808b0c27c49a59ba6d0abf74102335bf7cc28539cd5732034d06d0911eeef0
-
SHA512
1a0f795fedf32ed7af3c679458fcdcafb09eb5e47b3a04f375d2273bc8f5e5c84700856f84d11ce6d4f52fbf7beecd2d138953d35986d496630b4d2ccec15e23
-
SSDEEP
6144:a3+OvTMIjod6ggsxavZloY/BI7X8gIwDXK35Q+3HwOk42:a3+Ov4IkdLgseToYusgIwDHoz2
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=491
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
4c8c2cbbebfb23a7833b8be61fe1bd97_JaffaCakes118
-
Size
306KB
-
MD5
4c8c2cbbebfb23a7833b8be61fe1bd97
-
SHA1
be009e8a358527aec4dc5ce769e0df18c8223587
-
SHA256
38808b0c27c49a59ba6d0abf74102335bf7cc28539cd5732034d06d0911eeef0
-
SHA512
1a0f795fedf32ed7af3c679458fcdcafb09eb5e47b3a04f375d2273bc8f5e5c84700856f84d11ce6d4f52fbf7beecd2d138953d35986d496630b4d2ccec15e23
-
SSDEEP
6144:a3+OvTMIjod6ggsxavZloY/BI7X8gIwDXK35Q+3HwOk42:a3+Ov4IkdLgseToYusgIwDHoz2
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-