General

  • Target

    10397feb14b5e8aad2b1e8fd3686763c_JaffaCakes118

  • Size

    246KB

  • Sample

    240328-z4jhgsgg4w

  • MD5

    10397feb14b5e8aad2b1e8fd3686763c

  • SHA1

    c3ecf5f838bad309a49bcb27019ee8fb33fd3623

  • SHA256

    61469a1a12ec1dadb9f884a0f07c23d7de89e77cb687bb6919c555de6ca8dc22

  • SHA512

    4c5660562903bd04a1c3399768804661b49b3c4eb0c06f8a33b89a06c79ab2d8dcefb6ef46ddb9bc054fdeacde733c02f7060968349ed34edde3dafb1d8e570b

  • SSDEEP

    3072:AulhjgrOAFE8CpF3kmW9WtXm5tv4vmVQHboS9D98aShyuy6inoeZcECxc43E:FrjgrHGM81gtA+0Vx98aC3ScEWjE

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/fd4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      10397feb14b5e8aad2b1e8fd3686763c_JaffaCakes118

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
