General
-
Target
c25c4c9490accbfa61c63ad1410ed211_JaffaCakes118
-
Size
156KB
-
Sample
240826-f2zbdayerj
-
MD5
c25c4c9490accbfa61c63ad1410ed211
-
SHA1
b63c04a2f1560f5a47c41596754b9d246a4be690
-
SHA256
c724a532c4ca1716db09b49e3d502aff6c73afab8ef4c14400d11110e134a299
-
SHA512
602a284421803d20fe1ccd840b79f7833286df07067d583347a89944cba28142240956773b495267a1e245ecd63d146ed4085c01f9f8f126d7ef0569b33b1a3f
-
SSDEEP
3072:kN4YZ1HgxvHrkwv8bDzMObRmnTzukmaKmvYGrPX:kzivHAg8bDzr9mnXBGmvtPX
Malware Config
Extracted
lokibot
http://77.87.77.10/team1b/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c25c4c9490accbfa61c63ad1410ed211_JaffaCakes118
-
Size
156KB
-
MD5
c25c4c9490accbfa61c63ad1410ed211
-
SHA1
b63c04a2f1560f5a47c41596754b9d246a4be690
-
SHA256
c724a532c4ca1716db09b49e3d502aff6c73afab8ef4c14400d11110e134a299
-
SHA512
602a284421803d20fe1ccd840b79f7833286df07067d583347a89944cba28142240956773b495267a1e245ecd63d146ed4085c01f9f8f126d7ef0569b33b1a3f
-
SSDEEP
3072:kN4YZ1HgxvHrkwv8bDzMObRmnTzukmaKmvYGrPX:kzivHAg8bDzr9mnXBGmvtPX
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-