General

  • Target

    117ac974bd16d21864eef01b22879284_JaffaCakes118

  • Size

    244KB

  • Sample

    240328-15cxrsaf52

  • MD5

    117ac974bd16d21864eef01b22879284

  • SHA1

    116ef7167f80908f9efbeef01a8e5b54ae818fdb

  • SHA256

    9e35ad79445831eb81e9fb5db0d30ef4ccd09344c6360014b7dd360029f80946

  • SHA512

    54b29bbc50bbe333e4283c66d5eb193b1b4e06e317bc1c061fd125ac320c5df506d2ef91f4fd55ff344fc20bdd87ee61eaf81a47adeb949bd8fff63b1fb88a28

  • SSDEEP

    6144:wBlL/cCLFRgqyyZB2/wSmAeAuf6HW04FlMB8s8f:CeCLFRgEZBCiH/fP7FlMBQf

Malware Config

  • Extracted family

    lokibot

  • C2

    http://63.250.40.204/~wpdemo/file.php?search=745675

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      117ac974bd16d21864eef01b22879284_JaffaCakes118

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/wcwgqz.dll

    • Size

      31KB

    • MD5

      80d99f635e51ae330208f46c57dc2e43

    • SHA1

      2978859ef3bc608f6887b54c0b2bd3320eb10d36

    • SHA256

      0bab94e43836296b8f55c1f4ca681674f269dcc448b5030118e334429b6565ef

    • SHA512

      aafe5a434f1e52261c238f8973f936f5a2e0883d553775344b1ac12be3a304a188dca5d9620331429c0e473017d91cd34301b9278ebe9c9d3186c835ca2c656a

    • SSDEEP

      768:jUfwwBuuI1BceTrkacQTYQoBsjQtBGM2+YNsm:jUf/Bub1BAJEYsj9MsN

    Score
    3/10
