General

  • Target

    53e0ffb4bae3b44092706ccb01cf99f5_JaffaCakes118

  • Size

    242KB

  • Sample

    240331-l81exaaf94

  • MD5

    53e0ffb4bae3b44092706ccb01cf99f5

  • SHA1

    ee0f7110864268980343c6801252264c798e1ba0

  • SHA256

    1707bc697b6509cc471011f836effe5815d4c553a6d07eac628dd8757141c7cf

  • SHA512

    a6eac1c4ba736e0739d435809438a071dcca8c80d6ebed40dae14f92b37c4b1b3a43246045c1d3a520e0c2cb68164fea848a54688fd484141fff9bef86196313

  • SSDEEP

    6144:wBlL/cZTredk/2YjU1276/AhChM3hz580vpoW3s535zx:CeKk/2292gcM3xe0p3s19x

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=719442

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      53e0ffb4bae3b44092706ccb01cf99f5_JaffaCakes118

    • Size

      242KB

    • MD5

      53e0ffb4bae3b44092706ccb01cf99f5

    • SHA1

      ee0f7110864268980343c6801252264c798e1ba0

    • SHA256

      1707bc697b6509cc471011f836effe5815d4c553a6d07eac628dd8757141c7cf

    • SHA512

      a6eac1c4ba736e0739d435809438a071dcca8c80d6ebed40dae14f92b37c4b1b3a43246045c1d3a520e0c2cb68164fea848a54688fd484141fff9bef86196313

    • SSDEEP

      6144:wBlL/cZTredk/2YjU1276/AhChM3hz580vpoW3s535zx:CeKk/2292gcM3xe0p3s19x

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/pwmzqotvoug.dll

    • Size

      28KB

    • MD5

      8bce90199381e2d4765729b5a75314bf

    • SHA1

      fe94312ad5450fa37a6b4fb4557f0a18df93cb3f

    • SHA256

      5fd383ebda46cdadf9fcec02b74982cbf75688498475bbb655f18f4271988f3d

    • SHA512

      1f93e885e556ad1dc6882fc3d05bf4794fdf639f14f20a919b6bcb344eecc1fa5b28bb5c83461b4315ba01b880f2b70ab18cb6ce098b44a58d1e3088bc905e1f

    • SSDEEP

      384:gT2ogsNzG9THkywV7wVhx1udVG4eH6tIFlykk66oXh/allX9mRBRVNSwFSg:gCFIIDk9KAdV/eHbFcrW/NROwP

    Score
    3/10

MITRE ATT&CK Enterprise v15