General
-
Target
JaffaCakes118_f2b0b0c3a1df878a36acb0736b8e2ccf
-
Size
427KB
-
Sample
250111-a6mkgsxrhm
-
MD5
f2b0b0c3a1df878a36acb0736b8e2ccf
-
SHA1
fd0627cf9a06fac3a9bbd34d736718e0fe0db2e0
-
SHA256
fbf42fc8b79fc13e42f52d0b8c3a390290229ca1a4f59e84ac0c971ea69dfed3
-
SHA512
5eb03f0052cb36c1434dbf865f36d50b9d8ea438fedec629304ac5719aa3dc68ad9b617b83403fd95070533b2ccd3601902d8d9e318402e73f33733754bd61ef
-
SSDEEP
6144:CGxhLlI+BvRijL3IfOTfBUoCE0e0eDHHMTzKcnna:LaSw0fONUVE04DOKc
Malware Config
Extracted
lokibot
http://bobbyelectronics.xyz/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
JaffaCakes118_f2b0b0c3a1df878a36acb0736b8e2ccf
-
Size
427KB
-
MD5
f2b0b0c3a1df878a36acb0736b8e2ccf
-
SHA1
fd0627cf9a06fac3a9bbd34d736718e0fe0db2e0
-
SHA256
fbf42fc8b79fc13e42f52d0b8c3a390290229ca1a4f59e84ac0c971ea69dfed3
-
SHA512
5eb03f0052cb36c1434dbf865f36d50b9d8ea438fedec629304ac5719aa3dc68ad9b617b83403fd95070533b2ccd3601902d8d9e318402e73f33733754bd61ef
-
SSDEEP
6144:CGxhLlI+BvRijL3IfOTfBUoCE0e0eDHHMTzKcnna:LaSw0fONUVE04DOKc
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-