General
-
Target
JaffaCakes118_a5ad00e076df522a7002ec00b4531bae
-
Size
284KB
-
Sample
250108-xeb11a1lgk
-
MD5
a5ad00e076df522a7002ec00b4531bae
-
SHA1
4ef9bf3b45770b2ccc863165c35278bc2a546565
-
SHA256
86319581747b4164071c0364257eb113bcb5165ee6a8a92c19b0cbda54be46f9
-
SHA512
2ca9478b872b28965db53c04123bb36e03cac01126e57ec25458e7782a430ce372a6aaa7bb9409b6387825fe346d0fe662c732da8f55bae8730c7300e442f897
-
SSDEEP
6144:3n6wx3KkSK6fxT0w37GMg0i6v9TCP86tUa0E6yBbvH3:36w5Kkd6ZTNlFdvdktLH6yBb/
Malware Config
Extracted
lokibot
http://secure01-redirect.net/ga13/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
JaffaCakes118_a5ad00e076df522a7002ec00b4531bae
-
Size
284KB
-
MD5
a5ad00e076df522a7002ec00b4531bae
-
SHA1
4ef9bf3b45770b2ccc863165c35278bc2a546565
-
SHA256
86319581747b4164071c0364257eb113bcb5165ee6a8a92c19b0cbda54be46f9
-
SHA512
2ca9478b872b28965db53c04123bb36e03cac01126e57ec25458e7782a430ce372a6aaa7bb9409b6387825fe346d0fe662c732da8f55bae8730c7300e442f897
-
SSDEEP
6144:3n6wx3KkSK6fxT0w37GMg0i6v9TCP86tUa0E6yBbvH3:36w5Kkd6ZTNlFdvdktLH6yBb/
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-