General
-
Target
e9f41ccc3ab37c564f8e733d497edbd8_JaffaCakes118
-
Size
224KB
-
Sample
241213-fdnjzaymft
-
MD5
e9f41ccc3ab37c564f8e733d497edbd8
-
SHA1
7afcc2b9022a0b83c936686dbe7d5e54a890de64
-
SHA256
227c68e21120251881438e05eb3c29d6f0e59d9e97b8e646707f74992773fde1
-
SHA512
2c1ffe427d62ef7e752f6f3d4676d1f554b69a6e418664b201d41905aaccd63aeee02326d7c18248163ee63e5cfea8a9cc1b3580ab9e1f6e1ff3b69e58ba9bde
-
SSDEEP
6144:+qR+/kikPwglnwZJJM8Z11D+pbmT0up9H:B+/kx9lnwzcplup9H
Malware Config
Extracted
lokibot
http://brokenethicalgod.ml/BN11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e9f41ccc3ab37c564f8e733d497edbd8_JaffaCakes118
-
Size
224KB
-
MD5
e9f41ccc3ab37c564f8e733d497edbd8
-
SHA1
7afcc2b9022a0b83c936686dbe7d5e54a890de64
-
SHA256
227c68e21120251881438e05eb3c29d6f0e59d9e97b8e646707f74992773fde1
-
SHA512
2c1ffe427d62ef7e752f6f3d4676d1f554b69a6e418664b201d41905aaccd63aeee02326d7c18248163ee63e5cfea8a9cc1b3580ab9e1f6e1ff3b69e58ba9bde
-
SSDEEP
6144:+qR+/kikPwglnwZJJM8Z11D+pbmT0up9H:B+/kx9lnwzcplup9H
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-