General
-
Target
ea60262c0e1534f3e65873fc9afa17be_JaffaCakes118
-
Size
510KB
-
Sample
240919-cbt27avelm
-
MD5
ea60262c0e1534f3e65873fc9afa17be
-
SHA1
5c6e6bef79ae2190f40a7408ef5a29134da94934
-
SHA256
bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af
-
SHA512
5c6dbaa973e99df19e2c2d110176e71476b22fc99c94a354602e80d8536e0ed3a604f08eb1a5fc2d8a10d0af486f66b57523ae8b374236ecda2d910dd9ec3f76
-
SSDEEP
6144:3wqWr6MsRXFSDSflsjzj2ri6iN5UC3xjed2PRPtd:g1g1SGtscEp3xaSj
Malware Config
Extracted
lokibot
http://umarguzardijye.com/work/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ea60262c0e1534f3e65873fc9afa17be_JaffaCakes118
-
Size
510KB
-
MD5
ea60262c0e1534f3e65873fc9afa17be
-
SHA1
5c6e6bef79ae2190f40a7408ef5a29134da94934
-
SHA256
bdc16a949929d5caa6544f103556848d54878c3c5ed4282e41f8f1f18ea343af
-
SHA512
5c6dbaa973e99df19e2c2d110176e71476b22fc99c94a354602e80d8536e0ed3a604f08eb1a5fc2d8a10d0af486f66b57523ae8b374236ecda2d910dd9ec3f76
-
SSDEEP
6144:3wqWr6MsRXFSDSflsjzj2ri6iN5UC3xjed2PRPtd:g1g1SGtscEp3xaSj
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-