General
-
Target
c700731279dc3294e76a17a6f0269044_JaffaCakes118
-
Size
756KB
-
Sample
241205-lakxkaxrbx
-
MD5
c700731279dc3294e76a17a6f0269044
-
SHA1
354388e78fd21b7858772121ed7e24b6ac83b426
-
SHA256
4009f28116301020e1400a3840fd19700e544322564d62b03101c8b01c0bc8a3
-
SHA512
7cc6b825bb1bcf99376e9938945cb4bba8746005fa78e4c10bf21c9e019eefccc3084a3a46b467a7a434eb6af55e6baa1e21b825616c096effdc3d479d735ef1
-
SSDEEP
12288:hxgoFXSGcQGLID4zqnYN0rM+BMDyWWQFQTt9ZwGOzO1q3swiuj0v9Ggmn8zrqcDt:XhSGcQGLS0mY+M+BMxFQTt28J91v9GF8
Malware Config
Extracted
lokibot
http://manvim.co/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c700731279dc3294e76a17a6f0269044_JaffaCakes118
-
Size
756KB
-
MD5
c700731279dc3294e76a17a6f0269044
-
SHA1
354388e78fd21b7858772121ed7e24b6ac83b426
-
SHA256
4009f28116301020e1400a3840fd19700e544322564d62b03101c8b01c0bc8a3
-
SHA512
7cc6b825bb1bcf99376e9938945cb4bba8746005fa78e4c10bf21c9e019eefccc3084a3a46b467a7a434eb6af55e6baa1e21b825616c096effdc3d479d735ef1
-
SSDEEP
12288:hxgoFXSGcQGLID4zqnYN0rM+BMDyWWQFQTt9ZwGOzO1q3swiuj0v9Ggmn8zrqcDt:XhSGcQGLS0mY+M+BMxFQTt28J91v9GF8
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-