General
-
Target
d5b551f2fd484a7e753b9e5a1be50f98_JaffaCakes118
-
Size
216KB
-
Sample
240909-fxrezawckg
-
MD5
d5b551f2fd484a7e753b9e5a1be50f98
-
SHA1
b2bfca3fe8efe7db94c920297902dc534e3553fb
-
SHA256
c5014afe39d81f75feaa460358b21d94d502c7f20f8964aaf4d77da135dbfd64
-
SHA512
123189e7bb645c8bdefa56fb1f5890169365bc6e50b2ec6672d5e41e14385027109fffa4d452dc99999579bacc821a215febb1de6eaeba5236749a1d314f5ab5
-
SSDEEP
3072:21SCS9DpnjAMGTch6GPhOYMd6mR6juLAqQ/NosjHhoUz/7QlBh:TjAMqG5FpmiinDsjB7ih
Malware Config
Extracted
lokibot
http://fbcom.review/lo/five8/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d5b551f2fd484a7e753b9e5a1be50f98_JaffaCakes118
-
Size
216KB
-
MD5
d5b551f2fd484a7e753b9e5a1be50f98
-
SHA1
b2bfca3fe8efe7db94c920297902dc534e3553fb
-
SHA256
c5014afe39d81f75feaa460358b21d94d502c7f20f8964aaf4d77da135dbfd64
-
SHA512
123189e7bb645c8bdefa56fb1f5890169365bc6e50b2ec6672d5e41e14385027109fffa4d452dc99999579bacc821a215febb1de6eaeba5236749a1d314f5ab5
-
SSDEEP
3072:21SCS9DpnjAMGTch6GPhOYMd6mR6juLAqQ/NosjHhoUz/7QlBh:TjAMqG5FpmiinDsjB7ih
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-