General

  • Target

    4c7f75dbea906c8bac51094411dd5467_JaffaCakes118

  • Size

    262KB

  • Sample

    240331-eh4ajsdd4s

  • MD5

    4c7f75dbea906c8bac51094411dd5467

  • SHA1

    e1b8377fb6db63cabb5f2daec730608327d8b28b

  • SHA256

    ba7495813ffeac0429b6e26659f1a6c3638f9b2e7863f4a96aa3d030ddae9b9c

  • SHA512

    29d48eab09cb4b101be5d388485247c81b4f95a307b4933cc75ad278f51735b90826b2c1061b80190b53d1a1f43d2c201ebcb8fa511900c8ea8a3bfb50fba614

  • SSDEEP

    3072:d0jpv7yusHK+YMiHHtxe8S7ZyTlSdgDKbcBPU3rSe229A3N33Hg4WAtuxGtEYN+T:5HKRxS7sT8dgoUMGeh9A3RHWAwxAX9K

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/fd7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles
