General
-
Target
64b65cc0153650b46ed88dc9826c7263_JaffaCakes118
-
Size
302KB
-
Sample
240722-zdpltaxand
-
MD5
64b65cc0153650b46ed88dc9826c7263
-
SHA1
5a01204c23baa7935e2a59bce1852b87e859e023
-
SHA256
5cd97e749ea3d1481ad62add267e319637107973253bc34a5c95770fe5be1256
-
SHA512
eaacd03dd67bdccb8d2d943e4864756695541037e438e1ac40569e397021fe3b938f743026beb8b1f5bade11ff1b2f995b42e61c226432b336516dfe780f0dd6
-
SSDEEP
6144:2ttwrERQ+3HwOXY1eGFAcLPewmj09wfU4PWAyoy0XRIYMEo12CRzTAOdO0:zESoXYxmpjCwfUK+obRa31/
Malware Config
Extracted
lokibot
http://checkvim.com/ga14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
64b65cc0153650b46ed88dc9826c7263_JaffaCakes118
-
Size
302KB
-
MD5
64b65cc0153650b46ed88dc9826c7263
-
SHA1
5a01204c23baa7935e2a59bce1852b87e859e023
-
SHA256
5cd97e749ea3d1481ad62add267e319637107973253bc34a5c95770fe5be1256
-
SHA512
eaacd03dd67bdccb8d2d943e4864756695541037e438e1ac40569e397021fe3b938f743026beb8b1f5bade11ff1b2f995b42e61c226432b336516dfe780f0dd6
-
SSDEEP
6144:2ttwrERQ+3HwOXY1eGFAcLPewmj09wfU4PWAyoy0XRIYMEo12CRzTAOdO0:zESoXYxmpjCwfUK+obRa31/
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-