General
-
Target
cbe28211ccb33de6bfbadd4fe801f1f0_JaffaCakes118
-
Size
947KB
-
Sample
241206-jspx5axmct
-
MD5
cbe28211ccb33de6bfbadd4fe801f1f0
-
SHA1
c48b0920ba26e48b4c76327e3a537cdc2d9c2d40
-
SHA256
98a1743d70be4d658c224d74d0ed47fe330c212ac90f1ed17d48daea53500d7e
-
SHA512
8693a112a547411c4100343ee9ae5da43293e9fd2666a12d9a84ad7f30c6d266e2d74b97ecbdbe9bdcdd6e826b5810bc547ed6037e26ce700d87197324ba0536
-
SSDEEP
24576:1rWf0VD0zzLx7iKpuSAvPOLziOH1glV2:1rBVA/Lx7ruSAvW3T1ga
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/ADdkqqfZahlYB
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
cbe28211ccb33de6bfbadd4fe801f1f0_JaffaCakes118
-
Size
947KB
-
MD5
cbe28211ccb33de6bfbadd4fe801f1f0
-
SHA1
c48b0920ba26e48b4c76327e3a537cdc2d9c2d40
-
SHA256
98a1743d70be4d658c224d74d0ed47fe330c212ac90f1ed17d48daea53500d7e
-
SHA512
8693a112a547411c4100343ee9ae5da43293e9fd2666a12d9a84ad7f30c6d266e2d74b97ecbdbe9bdcdd6e826b5810bc547ed6037e26ce700d87197324ba0536
-
SSDEEP
24576:1rWf0VD0zzLx7iKpuSAvPOLziOH1glV2:1rBVA/Lx7ruSAvW3T1ga
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-