General

  • Target: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118

  • Size: 249KB

  • Sample: 240331-jztvnaha72

  • MD5: 515f7da0562307df4c9354d5d5486e4f

  • SHA1: e18acee85cfa4728d7a8103a30b23f6bf2b8b3b8

  • SHA256: ae30c77472bd494b2116c5ef0fc7bedc11fca5a57c4796e316333d95ef61f437

  • SHA512: a77b74b1b7364be5812ef0b26f0e208621eb74958c1624ee8a643bb30e1de102eca399b383851bf630bc032bed4402d418f77650ca576b4789a5228b8d1f9963

  • SSDEEP: 6144:yBlL/DXCB2O/sbRmS8EIOAv9YlEuc7AUsDGun6SG:4hXCB68S3Ixv9Y6sDGmC

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=loki

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118

    • Size: 249KB

    • MD5: 515f7da0562307df4c9354d5d5486e4f

    • SHA1: e18acee85cfa4728d7a8103a30b23f6bf2b8b3b8

    • SHA256: ae30c77472bd494b2116c5ef0fc7bedc11fca5a57c4796e316333d95ef61f437

    • SHA512: a77b74b1b7364be5812ef0b26f0e208621eb74958c1624ee8a643bb30e1de102eca399b383851bf630bc032bed4402d418f77650ca576b4789a5228b8d1f9963

    • SSDEEP: 6144:yBlL/DXCB2O/sbRmS8EIOAv9YlEuc7AUsDGun6SG:4hXCB68S3Ixv9Y6sDGmC

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target: $PLUGINSDIR/zknj.dll

    • Size: 31KB

    • MD5: 9341d7e6ace114d0d860b083a0abe0b6

    • SHA1: dac2d2f0b2d50b21440fb8afb3de23f83a59374a

    • SHA256: 6cccaba74963a25e1d95ef66e14ef02cd7b45331d5054a35d3eecf0ae9cfd160

    • SHA512: dd23f98e305f9e6acf69791604bc306d49290570ca7a8bc982be3d68f3f5f7bbcd57703ba5d5577759f370f0a1070f912e9e0629fa1bbdbc4a02a8a07ea87cd0

    • SSDEEP: 768:k7dqMMWtGuEedF4Arnc68+iMJsbYQo/urrSEIM:UdqmQeg8HfsbY5yrS6

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks