General
-
Target
fb73313456f2775e84d9fd60a6f49fd3_JaffaCakes118
-
Size
1.1MB
-
Sample
240928-efj4wsyaqg
-
MD5
fb73313456f2775e84d9fd60a6f49fd3
-
SHA1
b4e362530ff47da13b16f3a9d3be343b7f67e966
-
SHA256
b4b26e9ebba43ec5c968a67c744ef55cb02f075df6f4389b8e328282f4398a32
-
SHA512
7170ebbe7418a787ae36fc96497f71f5567771638e35572db79991d293517b3bfbc48bfb7e613f7cbedd69f6f00e6fab852cb2e86cbb751551227a72c98890f3
-
SSDEEP
24576:VCdxte/80jYLT3U1jfsWa4zcI3FmUNQJQ:8w80cTsjkWa4n
Malware Config
Extracted
lokibot
http://enormousslips.tk/gata/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
fb73313456f2775e84d9fd60a6f49fd3_JaffaCakes118
-
Size
1.1MB
-
MD5
fb73313456f2775e84d9fd60a6f49fd3
-
SHA1
b4e362530ff47da13b16f3a9d3be343b7f67e966
-
SHA256
b4b26e9ebba43ec5c968a67c744ef55cb02f075df6f4389b8e328282f4398a32
-
SHA512
7170ebbe7418a787ae36fc96497f71f5567771638e35572db79991d293517b3bfbc48bfb7e613f7cbedd69f6f00e6fab852cb2e86cbb751551227a72c98890f3
-
SSDEEP
24576:VCdxte/80jYLT3U1jfsWa4zcI3FmUNQJQ:8w80cTsjkWa4n
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-