Overview

overview

10

Static

static

3

048eaf8f6f...18.exe

windows7-x64

10

048eaf8f6f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    048eaf8f6f8f1567d67edb4a582cb021_JaffaCakes118

  • Size

    736KB

  • Sample

    240428-g3pc8sab2x

  • MD5

    048eaf8f6f8f1567d67edb4a582cb021

  • SHA1

    6bc4822a95c1d375b544df6bc1a566f1393ba598

  • SHA256

    32c89c8e6ab723536e2bf3c53339cc95d8b97b6a6885565823c98c6c68f8b41b

  • SHA512

    4cf073a8c9bd0487f3f4a25dca9f6dbcf9adad2d0c9cba992d4a9a1f5ee4b98e21f5079e33b93812c49cc0b2cf7191a9063ce93ec52d32a0dea129b9a784ed3d

  • SSDEEP

    12288:sovmIajF26wPUD5MvCaGyba91k6ctu3HGqv6LPwtlRJjahSSsk9cp8wYMbOCSuoz:sovmIYFSPUD5Mv/L6ctu3HGqv6LPSlzw

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://37.72.168.229/cane/come/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      048eaf8f6f8f1567d67edb4a582cb021_JaffaCakes118

    • Size

      736KB

    • MD5

      048eaf8f6f8f1567d67edb4a582cb021

    • SHA1

      6bc4822a95c1d375b544df6bc1a566f1393ba598

    • SHA256

      32c89c8e6ab723536e2bf3c53339cc95d8b97b6a6885565823c98c6c68f8b41b

    • SHA512

      4cf073a8c9bd0487f3f4a25dca9f6dbcf9adad2d0c9cba992d4a9a1f5ee4b98e21f5079e33b93812c49cc0b2cf7191a9063ce93ec52d32a0dea129b9a784ed3d

    • SSDEEP

      12288:sovmIajF26wPUD5MvCaGyba91k6ctu3HGqv6LPwtlRJjahSSsk9cp8wYMbOCSuoz:sovmIYFSPUD5Mv/L6ctu3HGqv6LPSlzw

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks