General
-
Target
3b1ab1fa50b9475058dba40918216b40_JaffaCakes118
-
Size
851KB
-
Sample
241012-vfe3yavfqr
-
MD5
3b1ab1fa50b9475058dba40918216b40
-
SHA1
9a4a30c0f1565df386b476f55c27ae9fcb15ade6
-
SHA256
4ef8b7089d21837f74af066be40110b30a9511f1a34ed054c7daf379858e5950
-
SHA512
685d5a445812c8e81a67984972c02bd7c2dc7edd19b2819970d90a7ac9bff47509a3064b4e47b67ca655adfa838ff99bcbc20e4b36e348509df5565689e2d371
-
SSDEEP
12288:6rP8HWnIZj7t6pvtdLO5wYIVqpbeQSi10NiWHK7zTzKbolS7F:682aj7tADGRI0fSPYrKboY
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/ADdkqqfZahlYB
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3b1ab1fa50b9475058dba40918216b40_JaffaCakes118
-
Size
851KB
-
MD5
3b1ab1fa50b9475058dba40918216b40
-
SHA1
9a4a30c0f1565df386b476f55c27ae9fcb15ade6
-
SHA256
4ef8b7089d21837f74af066be40110b30a9511f1a34ed054c7daf379858e5950
-
SHA512
685d5a445812c8e81a67984972c02bd7c2dc7edd19b2819970d90a7ac9bff47509a3064b4e47b67ca655adfa838ff99bcbc20e4b36e348509df5565689e2d371
-
SSDEEP
12288:6rP8HWnIZj7t6pvtdLO5wYIVqpbeQSi10NiWHK7zTzKbolS7F:682aj7tADGRI0fSPYrKboY
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-