General
-
Target
6c52d4ac58d12a79af1db28e7681422e_JaffaCakes118
-
Size
3.8MB
-
Sample
241022-3fwdxs1hjl
-
MD5
6c52d4ac58d12a79af1db28e7681422e
-
SHA1
c40bcdede70d654b628fe1222b2b569aa17f7eeb
-
SHA256
22ba90819c41ffb51e23155a1bb5760d8d07ac85990503652930443dda17831d
-
SHA512
37260ff6b2bedec23bdbdf920f3f65b8f09a396b933da45a6731ca2386a28142edf5275f6cf9f253e64a5b68981d34c53f2308b98aee0e7493cc7f5163a4417b
-
SSDEEP
98304:X6ndCmrnNkMSV6W5dhw/sZ0racC2YC1BT:X6nsmrNajKRnJ
Malware Config
Extracted
lokibot
http://phoenixdevs.ir/wp-includes/bb/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6c52d4ac58d12a79af1db28e7681422e_JaffaCakes118
-
Size
3.8MB
-
MD5
6c52d4ac58d12a79af1db28e7681422e
-
SHA1
c40bcdede70d654b628fe1222b2b569aa17f7eeb
-
SHA256
22ba90819c41ffb51e23155a1bb5760d8d07ac85990503652930443dda17831d
-
SHA512
37260ff6b2bedec23bdbdf920f3f65b8f09a396b933da45a6731ca2386a28142edf5275f6cf9f253e64a5b68981d34c53f2308b98aee0e7493cc7f5163a4417b
-
SSDEEP
98304:X6ndCmrnNkMSV6W5dhw/sZ0racC2YC1BT:X6nsmrNajKRnJ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-