General

  • Target

    1378bd2ce25200fe533c9b8260af8525_JaffaCakes118

  • Size

    243KB

  • Sample

    240329-af7sqsch68

  • MD5

    1378bd2ce25200fe533c9b8260af8525

  • SHA1

    6c77a4cb56aa3a32d31e6b03abf8ef483a58b430

  • SHA256

    e7ed6e5c4717d05c2747e1a54b305de79e47be09e8c29c5b641ac4e5cc73acc3

  • SHA512

    260a7ddc7d567eaa2e613185764da35cc617cc81f583e6c5227ffaba65591fa0804155b588c0e58d8a2b2a8136e5a95703d7648da9fc40553b321dcd55358c68

  • SSDEEP

    6144:wBlL/cof5JCBqNjqbVGnw4Jgc+4t7a+YsB5:Ce6OAYGnw4Jggda+V

Malware Config

Extracted

Family

lokibot

C2

http://136.243.159.53/~element/page.php?id=488

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      1378bd2ce25200fe533c9b8260af8525_JaffaCakes118

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/wkttpwwrnpc.dll

    • Size

      34KB

    • MD5

      ac0287a13001161f8f6979d9b178875c

    • SHA1

      bfa60649e02a0722eece1a0cfb65b125f82e8dcc

    • SHA256

      cca26baaa5fda68034cf93a1075ab828f249f8daab0a58b96f7ab3f0ef7f6e0a

    • SHA512

      7c5f3cd1327e0ceac864313bb3a66cec63cca6a639dbe545768167c006f12ca9cd88f8d79c29f75a2111b0b0ea10581c15a8fbade7db4b3dcdd684deee41487a

    • SSDEEP

      384:wo23nf109G/+xNDWvliIctCCcKNHWIwIqiavtIoUBe+8vtDxzdLCeWU92RS+Uvxr:f2W6rC6vtFce+EtDDuavp/yuG/

    Score
    3/10
