General

  • Target

    04a83a27910bb38a273f9931e4b3f427_JaffaCakes118

  • Size

    256KB

  • Sample

    240328-nqtkrahb84

  • MD5

    04a83a27910bb38a273f9931e4b3f427

  • SHA1

    6d201cd44dc7603b62d9fc2ac59a8fc1004fd24d

  • SHA256

    7a2897fef479e95701e2bad18c6fe77b5015d3ce8238b754c6be142a54fe3348

  • SHA512

    b5d8b758e77adcccb32e5673c81fbc8a3f1b284a91f7fda80d9177a680b686ed3bd79493f89a1a80b4a7a13374d9c3fefab104d72363fdfe517c0c2906477f1b

  • SSDEEP

    6144:1TTu4itWvP8ZsgJxLIIVUr1vwAtx/ln11FfVynbrEFTs7:ytWH8egJp/VGhtxdVdI

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/ga13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Orden de compra # PO211021-01.pdf .exe

    • Size

      260KB

    • MD5

      653c45052385b5bad351581806de4f38

    • SHA1

      f6adc865cc361073fe55b81417d24f38438b4add

    • SHA256

      95c8860cd123f91b6ec65345fd59994acfa374df4a4fb89b73d57c1040b4e5a6

    • SHA512

      2f5eca2518f640956d9c3ce554e4d524606a97bdf4b5536cee99f9e5eddb142da33ea5fd340888dc386e226887ec1a58fc5d9aec5870ccafa47eda43b2382660

    • SSDEEP

      3072:W5aBMTi5rfeKYuIdC1xfHhXkEMKqau42Wdf+CNf4/AWaSkSJu98vd:PMTi5rG3S1pHhLfN2Wd/IADG8el

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
