General
-
Target
b1845d27a5230f5985f73db643f4d265_JaffaCakes118
-
Size
348KB
-
Sample
240821-a4jqtavhnj
-
MD5
b1845d27a5230f5985f73db643f4d265
-
SHA1
ac2d96b93a45fe777a9980e064db215dc27276bc
-
SHA256
a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943
-
SHA512
88306d4d5a5edca892db5c7fa82b58ffd46d7f4982c7e2cd3c2f5461376b5d12dcd623f79e20e8fedf4090bc8e1f4804bfe3c391c91883ca026e8249b4cfb3f2
-
SSDEEP
6144:YMXnMvXXS4uPLw0wouPQ4Bnyomn5rtLAWn/5oHMRqUbnHa1DPoeO8s0/j:tXMXQ244q5RnBoHMVHKboevb
Malware Config
Extracted
lokibot
http://195.69.140.147/.op/cr.php/PGni9Nv586f9C
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Consignment Receipt_pdf.exe
-
Size
766KB
-
MD5
7e4562e0be997b4e5ed1a5c0b023c887
-
SHA1
a194bd8a5e589d7e8e04c4d7bd5bf778006bd491
-
SHA256
083e098c7a4893abdbb906f03b92dda1f54c469527f2f59eafca8f1176d2686f
-
SHA512
1ccca1135efaead3bbb866c318cf5f9a163131a3dada0450042994731084ced41ddd9836d608f11873e8bf1b62f56c2b9f227333bc3f84377d28805b6df95bfc
-
SSDEEP
12288:E38ZC2jTIBwgM9poZThtKyx12lwLxog3rChBQhwIRP15XR+76iVbm:WfzBw3PotKWR9h3On6t1676Z
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-