General
-
Target
JaffaCakes118_8b8d1db730b0635bb4975f182eee543f
-
Size
343KB
-
Sample
250105-e367yatngp
-
MD5
8b8d1db730b0635bb4975f182eee543f
-
SHA1
625f7a0f32883bbf3c60e692755aefb9534acb7b
-
SHA256
ed53a9baa4291185d48c495074770cb91134ef8305196050013aabd9ee6720b4
-
SHA512
9685319493c54a2219376d83f95a7c490d834dd962ed0446b9f32a5c3de7e0e63a60eea7457e8f15e7937b879f92bdfdc246247ff165010d04363ad01c774d7e
-
SSDEEP
6144:K/HKWyEMduMuCTu9TIeRNPijzLdPCO8ekybGL3ooSQfUI:K/QEM1uCi9TIeDKjzLdPC2kSGLwQcI
Malware Config
Extracted
lokibot
http://checkvim.com/fd7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
JaffaCakes118_8b8d1db730b0635bb4975f182eee543f
-
Size
343KB
-
MD5
8b8d1db730b0635bb4975f182eee543f
-
SHA1
625f7a0f32883bbf3c60e692755aefb9534acb7b
-
SHA256
ed53a9baa4291185d48c495074770cb91134ef8305196050013aabd9ee6720b4
-
SHA512
9685319493c54a2219376d83f95a7c490d834dd962ed0446b9f32a5c3de7e0e63a60eea7457e8f15e7937b879f92bdfdc246247ff165010d04363ad01c774d7e
-
SSDEEP
6144:K/HKWyEMduMuCTu9TIeRNPijzLdPCO8ekybGL3ooSQfUI:K/QEM1uCi9TIeDKjzLdPC2kSGLwQcI
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-