General
-
Target
df6dc00a4ddd9eee48cf8c603d313e8e_JaffaCakes118
-
Size
926KB
-
Sample
240914-ea3daawbqf
-
MD5
df6dc00a4ddd9eee48cf8c603d313e8e
-
SHA1
65388712d073f18fe054bc78ff59d56d96398046
-
SHA256
a94ecd9f815adf74fc72003a8b1821367aad501fbac1b0ad5a7bcb3690548fdd
-
SHA512
dc18f525cae73f3c9443a4c24669723ac566e16e341819c2dc816fda694db46768e497a153fbaa3b05f94e2c1b135d62ec0e4c2de5d6b42a4f91f55b86fc8792
-
SSDEEP
12288:Jtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgayCfdAEKddnI2+46A:Jtb20pkaCqT5TBWgNQ7ayCfdABIN46A
Malware Config
Extracted
lokibot
http://155.94.211.199/nature/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
df6dc00a4ddd9eee48cf8c603d313e8e_JaffaCakes118
-
Size
926KB
-
MD5
df6dc00a4ddd9eee48cf8c603d313e8e
-
SHA1
65388712d073f18fe054bc78ff59d56d96398046
-
SHA256
a94ecd9f815adf74fc72003a8b1821367aad501fbac1b0ad5a7bcb3690548fdd
-
SHA512
dc18f525cae73f3c9443a4c24669723ac566e16e341819c2dc816fda694db46768e497a153fbaa3b05f94e2c1b135d62ec0e4c2de5d6b42a4f91f55b86fc8792
-
SSDEEP
12288:Jtb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgayCfdAEKddnI2+46A:Jtb20pkaCqT5TBWgNQ7ayCfdABIN46A
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext
-