Overview

overview

10

Static

static

3

17b5b59742...18.exe

windows7-x64

10

17b5b59742...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    17b5b5974226fddb4a895dd0586ec38e_JaffaCakes118

  • Size

    338KB

  • Sample

    240329-efybhshf92

  • MD5

    17b5b5974226fddb4a895dd0586ec38e

  • SHA1

    0a6e65c6b7672ee2bddf66e6021a840ffa0fea2e

  • SHA256

    b9bb35cd0e8338734fa4297e3cff5b32949f64e50f2c7ecdf348bf562c411621

  • SHA512

    4853ec3f091454bca34076afa3b3fd91e97acd61da6bbcca24eedb46c140a84dba3f0b323b6401f997c648e5fa18590c2120d9217c1605070ce95c238ed41a7b

  • SSDEEP

    6144:UtnkdhkjbX6BKilKb9nyQ7UYY/vKxltfcV3f2IVbuNBQA3:unkdhkjL84ZyQ7UPv0tfy3f2oUF

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/ga14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      17b5b5974226fddb4a895dd0586ec38e_JaffaCakes118

    • Size

      338KB

    • MD5

      17b5b5974226fddb4a895dd0586ec38e

    • SHA1

      0a6e65c6b7672ee2bddf66e6021a840ffa0fea2e

    • SHA256

      b9bb35cd0e8338734fa4297e3cff5b32949f64e50f2c7ecdf348bf562c411621

    • SHA512

      4853ec3f091454bca34076afa3b3fd91e97acd61da6bbcca24eedb46c140a84dba3f0b323b6401f997c648e5fa18590c2120d9217c1605070ce95c238ed41a7b

    • SSDEEP

      6144:UtnkdhkjbX6BKilKb9nyQ7UYY/vKxltfcV3f2IVbuNBQA3:unkdhkjL84ZyQ7UPv0tfy3f2oUF

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks