General
-
Target
87318f1d305066bd1c251de584450134_JaffaCakes118
-
Size
1.5MB
-
Sample
241102-xwvvfawjaq
-
MD5
87318f1d305066bd1c251de584450134
-
SHA1
bb62cc5d71ca13ec9e0563db3d18d8dde7148e5f
-
SHA256
82ced028321544147c1e5f7786aceb7037ab5e6dc418a5fb4bf2f2a075034837
-
SHA512
91820b45e444dc8cafabbe6a7dd4444d0bbe98e35090cf7bb91eb1c8147008796a0fc159b6e603610d77321d707d3d762ad06d25097d2577832ee380f069d81c
-
SSDEEP
12288:Opey3nridNTDpp2Z6f5q5I43rq9P1OHeeoNXYJQ6H+Uy1Susr8MmH3jw:OIy3ridRDpp26twHeeo5zZZS5R0
Malware Config
Extracted
lokibot
http://lokich.xyz/uu/so/ja.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
87318f1d305066bd1c251de584450134_JaffaCakes118
-
Size
1.5MB
-
MD5
87318f1d305066bd1c251de584450134
-
SHA1
bb62cc5d71ca13ec9e0563db3d18d8dde7148e5f
-
SHA256
82ced028321544147c1e5f7786aceb7037ab5e6dc418a5fb4bf2f2a075034837
-
SHA512
91820b45e444dc8cafabbe6a7dd4444d0bbe98e35090cf7bb91eb1c8147008796a0fc159b6e603610d77321d707d3d762ad06d25097d2577832ee380f069d81c
-
SSDEEP
12288:Opey3nridNTDpp2Z6f5q5I43rq9P1OHeeoNXYJQ6H+Uy1Susr8MmH3jw:OIy3ridRDpp26twHeeo5zZZS5R0
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-