General
-
Target
d25fc181130e4435d0d1740211718606_JaffaCakes118
-
Size
743KB
-
Sample
241207-pa8kea1rdv
-
MD5
d25fc181130e4435d0d1740211718606
-
SHA1
b34d8d6ed6f5aa85692f52e759726280c3d88baf
-
SHA256
d54aa1b12b9f0414be80ad07738eb0810a66651d7c21923d3b46787575f3954a
-
SHA512
0f482fba47eb2ef4dcff19aeb559c3cc2d8f0e80f5d0cd8f68874faa1978498bf17f2ade924c1c9caae7677d113636a4703970d3bb7c11ed3fd4356dc7fe835b
-
SSDEEP
12288:g3/HK7zSfK6iWerYwFFDkNATAOkWOYtEMj+MuGgUbjOIoJ2IdyIv+k0JBW7U+:N95WerzFyA3kWMlDGFby
Malware Config
Extracted
lokibot
http://manvim.co/fd14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d25fc181130e4435d0d1740211718606_JaffaCakes118
-
Size
743KB
-
MD5
d25fc181130e4435d0d1740211718606
-
SHA1
b34d8d6ed6f5aa85692f52e759726280c3d88baf
-
SHA256
d54aa1b12b9f0414be80ad07738eb0810a66651d7c21923d3b46787575f3954a
-
SHA512
0f482fba47eb2ef4dcff19aeb559c3cc2d8f0e80f5d0cd8f68874faa1978498bf17f2ade924c1c9caae7677d113636a4703970d3bb7c11ed3fd4356dc7fe835b
-
SSDEEP
12288:g3/HK7zSfK6iWerYwFFDkNATAOkWOYtEMj+MuGgUbjOIoJ2IdyIv+k0JBW7U+:N95WerzFyA3kWMlDGFby
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-