General

  • Target

    41face75a1b319026f0f1a4ab4f91cef_JaffaCakes118

  • Size

    247KB

  • Sample

    240330-xhpq9scb5v

  • MD5

    41face75a1b319026f0f1a4ab4f91cef

  • SHA1

    bce15bac8ec540ff2e4a875c6d240a3ce95d4134

  • SHA256

    a3237b31acd5448e7082cf28eb83ba819added0c2053c938cb603652aeecf177

  • SHA512

    d68835373f9dc80190186c3c8871bb6dcb997928a18c95724f94c865d3d4e8cb1aa8ef29292aab760b4187e05d8779db3b1206530ea91686a7b9399a44400ba3

  • SSDEEP

    3072:M+l+zHLTn/Kq4nH1oqL4J5iGCh3vm2QHboS9D98aShyuy6inoeRVr/+XHHiz3E:hozHLTnwSqMJsd50Vx98aC3uz8HCE

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/ga14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
