General
-
Target
ef03d6c77f9299473e82c6cccfefb0c3_JaffaCakes118
-
Size
506KB
-
Sample
240921-edyt9stdrf
-
MD5
ef03d6c77f9299473e82c6cccfefb0c3
-
SHA1
1038ba22fead7e33c82cc159feb340692a975096
-
SHA256
325a2e914289e94063ddb91a2cd54320c185917e8e78f760aaf54ad66d2f6523
-
SHA512
312785af42f51daaf3127dab36be0b3a4bbb1f1e4d136785fce39d8a01db7f606abd3e3933df234c28dabf4d215649eacc68355b0383853fde503bac461453cf
-
SSDEEP
12288:g+WhWEyIu3ErzRYi/ZxtbS3IWWq6Pk3HnnYhPsvKYRtUMe:gIRI3rzRv/JbS7Wq6WYAXRtUz
Malware Config
Targets
-
-
Target
ef03d6c77f9299473e82c6cccfefb0c3_JaffaCakes118
-
Size
506KB
-
MD5
ef03d6c77f9299473e82c6cccfefb0c3
-
SHA1
1038ba22fead7e33c82cc159feb340692a975096
-
SHA256
325a2e914289e94063ddb91a2cd54320c185917e8e78f760aaf54ad66d2f6523
-
SHA512
312785af42f51daaf3127dab36be0b3a4bbb1f1e4d136785fce39d8a01db7f606abd3e3933df234c28dabf4d215649eacc68355b0383853fde503bac461453cf
-
SSDEEP
12288:g+WhWEyIu3ErzRYi/ZxtbS3IWWq6Pk3HnnYhPsvKYRtUMe:gIRI3rzRv/JbS7Wq6WYAXRtUz
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-