General
-
Target
70542ccca84e9ee1bd98c0e95be08ae6_JaffaCakes118
-
Size
489KB
-
Sample
241023-xge6faxarn
-
MD5
70542ccca84e9ee1bd98c0e95be08ae6
-
SHA1
b1e1012aaa967f4748f706c1a8e89bbe69daa018
-
SHA256
5f100972de9223b65fbed051a55f1bb7c6a16a1f6d3864d43d7da83569338ba2
-
SHA512
9074743a22ba45bbbbf6106d4ce0a52e0a4939ed0ca1c66066106848b9db0db213aef907b907913cecaf6b2a60408cd85fe19c0ad1e59cc045b6eeac1332ed9f
-
SSDEEP
6144:zmlLpr8tx3DAZe4S20cyRtmXO5PJd9ArMOvoUsoILZofLL2XQNGBdfzvPl:zYLpQtx3k3zgeenTEMSFs+j9MzN
Malware Config
Extracted
lokibot
http://arku.xyz/tkrr/T1/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
70542ccca84e9ee1bd98c0e95be08ae6_JaffaCakes118
-
Size
489KB
-
MD5
70542ccca84e9ee1bd98c0e95be08ae6
-
SHA1
b1e1012aaa967f4748f706c1a8e89bbe69daa018
-
SHA256
5f100972de9223b65fbed051a55f1bb7c6a16a1f6d3864d43d7da83569338ba2
-
SHA512
9074743a22ba45bbbbf6106d4ce0a52e0a4939ed0ca1c66066106848b9db0db213aef907b907913cecaf6b2a60408cd85fe19c0ad1e59cc045b6eeac1332ed9f
-
SSDEEP
6144:zmlLpr8tx3DAZe4S20cyRtmXO5PJd9ArMOvoUsoILZofLL2XQNGBdfzvPl:zYLpQtx3k3zgeenTEMSFs+j9MzN
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-