General
Target: e54a9db2b6629d6d55e0220851e62ed4_JaffaCakes118
Size: 557KB
Sample: 241212-h62y6symcj
MD5: e54a9db2b6629d6d55e0220851e62ed4
SHA1: 7c516644bc484dc19ffeb7e0662dae1b76feaec7
SHA256: 0844761b0a4a73440e32f2d2f553f95c03ee0cdbaaaca00a054251fa70cf5598
SHA512: 4a8508fadb8e4f852efede5d5f7a660b461b65fdd6abf84993e17b0376ec93cfa34a21362cbf11e0fb8f5f8010e3afab61baae1b02219f5560e28fb97aa3473b
SSDEEP: 12288:OkJZ54DJW8rDJW8uAvuD8+e50C2TYJzIW/PyGMz9qkzMi6JjQ3t9aMAA5rrTY95s:JJZ54DJW8rDJW8uAvuD8+e50C2TYJzIR
Static task: static1
Behavioral task: behavioral1
Sample: e54a9db2b6629d6d55e0220851e62ed4_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
lokibot
https://publicspeaking.co.id/okoye/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
e54a9db2b6629d6d55e0220851e62ed4_JaffaCakes118
Lokibot family
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext