General
-
Target
da8a93ada0a33e6df7f52f8a7c1726b1_JaffaCakes118
-
Size
246KB
-
Sample
241209-t4c3tatnhw
-
MD5
da8a93ada0a33e6df7f52f8a7c1726b1
-
SHA1
8d8e16b0b31c8c9f3ec17724c356ac3e8fe7eb2f
-
SHA256
324d549fb7b9999aa0e6fb8a6824f7a05fe5f1f21d76fb2d360cb34c56eb1995
-
SHA512
072112f826a05f76d680bc7255c67fd12bad22c4cf18589e6f109f3ff768b7536a9b0d872da32452328b5e096103bd1c1f1f174bae35d6d4bf1d95d2d7db9511
-
SSDEEP
6144:4Bs7vgkXyKtiNclZqZbqCFAmk6j7v10X2YPxHdD1QsW+z3f:4BtUyKMDqaHj7N0ZPH1QsW+b
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/B0MWbknI2Z7T2
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
da8a93ada0a33e6df7f52f8a7c1726b1_JaffaCakes118
-
Size
246KB
-
MD5
da8a93ada0a33e6df7f52f8a7c1726b1
-
SHA1
8d8e16b0b31c8c9f3ec17724c356ac3e8fe7eb2f
-
SHA256
324d549fb7b9999aa0e6fb8a6824f7a05fe5f1f21d76fb2d360cb34c56eb1995
-
SHA512
072112f826a05f76d680bc7255c67fd12bad22c4cf18589e6f109f3ff768b7536a9b0d872da32452328b5e096103bd1c1f1f174bae35d6d4bf1d95d2d7db9511
-
SSDEEP
6144:4Bs7vgkXyKtiNclZqZbqCFAmk6j7v10X2YPxHdD1QsW+z3f:4BtUyKMDqaHj7N0ZPH1QsW+b
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-