General
-
Target
0d7d12f5d5c67c9acddf2b1c92e9ac12_JaffaCakes118
-
Size
422KB
-
Sample
241003-cxsfgstele
-
MD5
0d7d12f5d5c67c9acddf2b1c92e9ac12
-
SHA1
52cea1e67867931c5afa1d155f76d26b0b7357a7
-
SHA256
7b16216ad750e077a93811972e7b7439d26a94c3535168eaea43e4b24ee13e6d
-
SHA512
557cfc2104c7b339a1a5bcf6e4ecf939216d5e4cb79a7be184a34c0b8d932427b65a96e3ac8914fad689ede12d1767bb70c7188348d9aafa72ef57e3f735644c
-
SSDEEP
6144:qFQQCyK2VVqT4Haf0SOizdRa7hWU+nv9vyUgEp90fTP02uZ5b5G:q+VyKRT46fXzdk7hWU+vByUz2fTM2uf8
Malware Config
Extracted
lokibot
http://lushbb.xyz/mtk2/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0d7d12f5d5c67c9acddf2b1c92e9ac12_JaffaCakes118
-
Size
422KB
-
MD5
0d7d12f5d5c67c9acddf2b1c92e9ac12
-
SHA1
52cea1e67867931c5afa1d155f76d26b0b7357a7
-
SHA256
7b16216ad750e077a93811972e7b7439d26a94c3535168eaea43e4b24ee13e6d
-
SHA512
557cfc2104c7b339a1a5bcf6e4ecf939216d5e4cb79a7be184a34c0b8d932427b65a96e3ac8914fad689ede12d1767bb70c7188348d9aafa72ef57e3f735644c
-
SSDEEP
6144:qFQQCyK2VVqT4Haf0SOizdRa7hWU+nv9vyUgEp90fTP02uZ5b5G:q+VyKRT46fXzdk7hWU+vByUz2fTM2uf8
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-