General

  • Target

    42760081600893685f95fb72f19cdb11_JaffaCakes118

  • Size

    419KB

  • Sample

    240330-xz9srscf2v

  • MD5

    42760081600893685f95fb72f19cdb11

  • SHA1

    26181140ee557c0c62e04e4bbc8494369a679fd0

  • SHA256

    6a32fb4736e2b8310dc651c64447bfb63490ebced02ab2671685b0856274dab9

  • SHA512

    07e7c3eded954cdf2611aacba6ef479c61fef49604b404e8dd180aa89d22eeeca6ebbcbee15f0290a5d0dff12d04d62a94df3855bba8f6ad7b3b1f3992f47c56

  • SSDEEP

    6144:/Nmvwy0zRUgE/hwXwzF+EKaEUmdWOcp6dIuFPObzc9VNLh:/woXzRUzwXwzF+haEh0gIuxObzc9VZh

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/ga13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles
