General
-
Target
e086e5f7764c262bbb4d32fd18b06437_JaffaCakes118
-
Size
298KB
-
Sample
241211-jq4cqstmez
-
MD5
e086e5f7764c262bbb4d32fd18b06437
-
SHA1
9ee5cc45e7f322404084fabffa85ad1edd9044dd
-
SHA256
f23caf37ae944360657463d27df572d232fb5ef227d3ef753d1c6e6de80f12f9
-
SHA512
278bd03563c32e6f77cdb75dcae3fb8bcedd35b367576fd0cd9e0aca251f8072d2c5c58adff98d26ab6abf960c5dfb391efc67a2d4ff6d0af5760dd83651cebe
-
SSDEEP
6144:bGl/lR8NG27aiSeL5e/ehT0KiH3CewMgTIxF250N2a9ciFfZ:bGl/lmGWaH2hAz3UM8+RFB
Malware Config
Extracted
lokibot
http://everydaywegrind.ml/BN11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e086e5f7764c262bbb4d32fd18b06437_JaffaCakes118
-
Size
298KB
-
MD5
e086e5f7764c262bbb4d32fd18b06437
-
SHA1
9ee5cc45e7f322404084fabffa85ad1edd9044dd
-
SHA256
f23caf37ae944360657463d27df572d232fb5ef227d3ef753d1c6e6de80f12f9
-
SHA512
278bd03563c32e6f77cdb75dcae3fb8bcedd35b367576fd0cd9e0aca251f8072d2c5c58adff98d26ab6abf960c5dfb391efc67a2d4ff6d0af5760dd83651cebe
-
SSDEEP
6144:bGl/lR8NG27aiSeL5e/ehT0KiH3CewMgTIxF250N2a9ciFfZ:bGl/lmGWaH2hAz3UM8+RFB
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-