General

  • Target

    5057cc691005a448954a59faf019c6a4_JaffaCakes118

  • Size

    523KB

  • Sample

    240331-h3wb8agd79

  • MD5

    5057cc691005a448954a59faf019c6a4

  • SHA1

    15547242c0a6e054e3b2a7f47edbe8c0ad062f69

  • SHA256

    bb727e3ccf2cad49fa431905c08dd6c9f52e880a8d290b8f0c4842f1ac50ce1e

  • SHA512

    b8cffe0c2b74f18b3d31065f9e4462160c20974b82b9841401f6d489797d1e60556db7915ce0727a6b0d9e2b62848804979ca2a54a667edc71d3014677434477

  • SSDEEP

    12288:CxoPkgSBJKtOMtCP2YQMasabaHNbETPIxK2:KoPGBk2wjsaCEIw2

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://frinqy.gq/apps/fre.php

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      5057cc691005a448954a59faf019c6a4_JaffaCakes118

    • Size

      523KB

    • MD5

      5057cc691005a448954a59faf019c6a4

    • SHA1

      15547242c0a6e054e3b2a7f47edbe8c0ad062f69

    • SHA256

      bb727e3ccf2cad49fa431905c08dd6c9f52e880a8d290b8f0c4842f1ac50ce1e

    • SHA512

      b8cffe0c2b74f18b3d31065f9e4462160c20974b82b9841401f6d489797d1e60556db7915ce0727a6b0d9e2b62848804979ca2a54a667edc71d3014677434477

    • SSDEEP

      12288:CxoPkgSBJKtOMtCP2YQMasabaHNbETPIxK2:KoPGBk2wjsaCEIw2

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks