General
Target: bbfbda085e25a916cd854b912c821147_JaffaCakes118
Size: 362KB
Sample: 241203-ghfwcsykhr
MD5: bbfbda085e25a916cd854b912c821147
SHA1: ae56c17a8a8e42b810e9aa91c6ae841719008245
SHA256: 1ca9fafe21bb096346d74200fe9857efbdc14c2fc69574d61926c5f8f2a92ac9
SHA512: bd0702f4771717632641eef18b508ab686c035b9dfcce7d6112373a78e5e5d8744c87dd344ec13268b9f4943d68358e7b5e516ba3f728f4c196e43a1b411fc1f
SSDEEP: 6144:V99p6q1Eo/Ne0GL49Vl1jeHZyL4b8yvuDbLwVqCy6q+yxU/LVlNzNVQY+UG:V99p6q1Eo/N9GkPDGmDbyq7jU5lxNOY
Static task: static1
Behavioral task: behavioral1
Sample: bbfbda085e25a916cd854b912c821147_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
lokibot
https://ammachegroup.com/wap/wp-content/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: bbfbda085e25a916cd854b912c821147_JaffaCakes118
Lokibot family
Drops startup file
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext