General
-
Target
7ea8e54eca63a5d74ac8f89b8c2a411b_JaffaCakes118
-
Size
1.4MB
-
Sample
241030-lkyleasjbj
-
MD5
7ea8e54eca63a5d74ac8f89b8c2a411b
-
SHA1
a37b704c2b00df0de47b669935ffd4c843f044fc
-
SHA256
e27b7f328255fac900da86cfdf3f52890d51c263e53cf76d228c00b501c68047
-
SHA512
3926692bb0041f92a4610399ece15333b7e6753d8338d65032ee6994bcd1919d90623b5003b83840dbf844445738ea356a51720638206cfb5daee61de7421a8b
-
SSDEEP
12288:0ENc/E4JIdaaGIr659pv1PjTkkvDWZk2LblKRQdONPVi6H3Q6H+Uy1Susr8MmH3C:0+cx4nGI+XjhbIbJCNYZZS5R0cpCv
Malware Config
Extracted
lokibot
http://aboasu.xyz/dx/kk/koo.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
7ea8e54eca63a5d74ac8f89b8c2a411b_JaffaCakes118
-
Size
1.4MB
-
MD5
7ea8e54eca63a5d74ac8f89b8c2a411b
-
SHA1
a37b704c2b00df0de47b669935ffd4c843f044fc
-
SHA256
e27b7f328255fac900da86cfdf3f52890d51c263e53cf76d228c00b501c68047
-
SHA512
3926692bb0041f92a4610399ece15333b7e6753d8338d65032ee6994bcd1919d90623b5003b83840dbf844445738ea356a51720638206cfb5daee61de7421a8b
-
SSDEEP
12288:0ENc/E4JIdaaGIr659pv1PjTkkvDWZk2LblKRQdONPVi6H3Q6H+Uy1Susr8MmH3C:0+cx4nGI+XjhbIbJCNYZZS5R0cpCv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-