General
-
Target
fa3879336266a329365a426b1f44b11c_JaffaCakes118
-
Size
354KB
-
Sample
241218-fsfgxavjat
-
MD5
fa3879336266a329365a426b1f44b11c
-
SHA1
010b399d2c69aad4dea7d594c1cc8d4cb37ace46
-
SHA256
06d334f41ed923dbeb5f0e08cac8c0d30294ceeb709b3f17f6803f1b204df7e2
-
SHA512
44e50c4667e812847d0c60ae8ee83c1ad2346ef0e9b2e83ffbfbe1857a204a65e02a387af04e57e920e7d0ddc11db3160774164987ce55e3ad5dc3b14f68af96
-
SSDEEP
6144:fsctHtaDxmUZfDUCi97fA+bNgyHE1ZTibzaeLfqajy1O6vV:/HtEAhCi9TiyHUYbnHjyXv
Malware Config
Extracted
lokibot
http://203.159.80.211/ocxz/oki/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
fa3879336266a329365a426b1f44b11c_JaffaCakes118
-
Size
354KB
-
MD5
fa3879336266a329365a426b1f44b11c
-
SHA1
010b399d2c69aad4dea7d594c1cc8d4cb37ace46
-
SHA256
06d334f41ed923dbeb5f0e08cac8c0d30294ceeb709b3f17f6803f1b204df7e2
-
SHA512
44e50c4667e812847d0c60ae8ee83c1ad2346ef0e9b2e83ffbfbe1857a204a65e02a387af04e57e920e7d0ddc11db3160774164987ce55e3ad5dc3b14f68af96
-
SSDEEP
6144:fsctHtaDxmUZfDUCi97fA+bNgyHE1ZTibzaeLfqajy1O6vV:/HtEAhCi9TiyHUYbnHjyXv
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-