General
-
Target
4de031b0e07cc2957959b7937401875c_JaffaCakes118
-
Size
591KB
-
Sample
240716-marwjsxepm
-
MD5
4de031b0e07cc2957959b7937401875c
-
SHA1
1f21ceb6de1a8eeaac4520a91159c256318e2aa3
-
SHA256
82c1e0a768dad2802252b6f09c7163d68f5c6b337137bf5b374939df64e3befd
-
SHA512
8854fef09e896ed6ff0592ae69354d8a8ef6705e4b80dde3c82da61b5a0176ce1c5fc6a5fff997306d1d5686462485652a66a814cc051a81d6f62a4f2d483ad1
-
SSDEEP
12288:UX5kJkXkTYgapI5UTAnANWBGvWK521QEloApCJWX0FSxXPz:KSbYgtnANWBqSXp8WX0Ax7
Malware Config
Extracted
lokibot
http://or-logistlcs.com/zoro/zoro1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
4de031b0e07cc2957959b7937401875c_JaffaCakes118
-
Size
591KB
-
MD5
4de031b0e07cc2957959b7937401875c
-
SHA1
1f21ceb6de1a8eeaac4520a91159c256318e2aa3
-
SHA256
82c1e0a768dad2802252b6f09c7163d68f5c6b337137bf5b374939df64e3befd
-
SHA512
8854fef09e896ed6ff0592ae69354d8a8ef6705e4b80dde3c82da61b5a0176ce1c5fc6a5fff997306d1d5686462485652a66a814cc051a81d6f62a4f2d483ad1
-
SSDEEP
12288:UX5kJkXkTYgapI5UTAnANWBGvWK521QEloApCJWX0FSxXPz:KSbYgtnANWBqSXp8WX0Ax7
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-