General

  • Target

    0e4341c9a5313d6fef6c9bd393205f62_JaffaCakes118

  • Size

    260KB

  • Sample

    240328-ycejsaef4y

  • MD5

    0e4341c9a5313d6fef6c9bd393205f62

  • SHA1

    9dc88ea9a8d25cdfe71cba9ca68606bbcbd0b7e9

  • SHA256

    267f82d54d53b588e073aa8e00afa3f6f83997c6de1ab089bccb49f1a18e73dd

  • SHA512

    731740831634352a46a552f1d0eede33b3b1f41ba2dcb5117e7ac298c9d8a5108ec231d62fa6c2b1a1c7413abf5aa04453cfa4ad886d775b1903cc83ca690c81

  • SSDEEP

    6144:JAzC5bhwhF1Wt4lwIPWqzxWOiDIADG8el:JYC5bhAlwIYxD

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=386869

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0e4341c9a5313d6fef6c9bd393205f62_JaffaCakes118

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles
