General

  • Target

    53754b445a0f70892e6c0de3653735dc_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240331-lw7y8aad59

  • MD5

    53754b445a0f70892e6c0de3653735dc

  • SHA1

    91c777eab3f1ef141b0eb3a6d162b903e2d6d7df

  • SHA256

    736c1a6260210e721fbfc85800db502d17f2b495ab2d0bf856d19034ef176e16

  • SHA512

    b3bc11c9b22eec3c0620f0996c6976db964b4280da5ecf91dddf08833ba2760283d9218d484cf74d000476c17627a1018ba72333fdef2eaa9ede29b552552bff

  • SSDEEP

    24576:qjMUC9dS/9jJ50uK0smFMSslMo+qN9ceiW0RPkyZ8iu:qRC9s/JJ7lsmFxslf+miNRPRU

Malware Config

Extracted

Family

lokibot

C2

http://smartcamainpowerizman.sytes.net/ioknfbgj/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Note: the kbfvzoboss.bid and alphastand.* /alien/fre.php URLs are the fixed decoy panel URLs carried by cracked Lokibot builds and show up in most Lokibot configs regardless of operator. The sytes.net URL (a No-IP dynamic DNS hostname) is the operator-specific panel; block and hunt on the hostname rather than its current IP, since it can be repointed at any time.
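
The extracted C2 list is most useful as a hunting artifact. The following added example (not part of the sandbox report) runs the five URLs above against constructed proxy log lines and separates hits on the operator panel from hits on the well-known decoy URLs. The tab-separated log format is invented for the example, and the User-Agent string is the one publicly documented for Lokibot beacons; the report itself does not record it, so treat that match as an assumption.

```python
"""Hunt for the Lokibot C2 URLs extracted in the report in HTTP proxy logs.

Added example, not code from the sandbox report. Log lines are constructed.
"""
from urllib.parse import urlparse

# C2 URLs exactly as extracted in the report's Malware Config section.
C2_URLS = [
    "http://smartcamainpowerizman.sytes.net/ioknfbgj/Panel/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# The /alien/fre.php URLs are the fixed decoy panels embedded in cracked
# Lokibot builds (per public analyses, not stated in the report); a hit on
# them confirms the family but does not identify the operator.
DECOY_URLS = {u for u in C2_URLS if u.endswith("/alien/fre.php")}

# User-Agent commonly documented for Lokibot beacons. Assumption: not taken
# from this report.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
C2_HOST_PATHS = {(urlparse(u).hostname, urlparse(u).path) for u in C2_URLS}


def classify(method, host, path, user_agent):
    """Return a list of indicator tags for one request, or None if clean."""
    tags = []
    if (host, path) in C2_HOST_PATHS:
        url = f"http://{host}{path}"
        tags.append("decoy-c2" if url in DECOY_URLS else "operator-c2")
    elif host in C2_HOSTS:
        # Same host, different path: still worth a look (panel login, etc.).
        tags.append("c2-host")
    if user_agent == LOKIBOT_UA:
        tags.append("lokibot-ua")
    if method == "POST" and path.endswith("/fre.php"):
        # Lokibot exfiltrates via POST to fre.php; cheap secondary signal.
        tags.append("fre.php-post")
    return tags or None


def scan_log(text):
    """Scan tab-separated lines: ts, client, method, host, path, user-agent."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host, path, ua = line.split("\t", 5)
        tags = classify(method, host.lower(), path, ua)
        if tags:
            findings.append((ts, client, host, tags))
    return findings


# Constructed sample log (hypothetical internal clients and timestamps).
SAMPLE_LOG = (
    "2024-03-31T11:52:03Z\t10.0.0.15\tPOST\tsmartcamainpowerizman.sytes.net"
    "\t/ioknfbgj/Panel/five/fre.php\tMozilla/4.08 (Charon; Inferno)\n"
    "2024-03-31T11:52:04Z\t10.0.0.15\tPOST\tkbfvzoboss.bid"
    "\t/alien/fre.php\tMozilla/4.08 (Charon; Inferno)\n"
    "2024-03-31T11:52:10Z\t10.0.0.22\tGET\twww.example.com"
    "\t/index.html\tMozilla/5.0 (Windows NT 10.0; Win64; x64)\n"
    "2024-03-31T11:53:30Z\t10.0.0.15\tGET\tsmartcamainpowerizman.sytes.net"
    "\t/\tMozilla/5.0\n"
)

if __name__ == "__main__":
    for ts, client, host, tags in scan_log(SAMPLE_LOG):
        print(f"{ts} {client} -> {host}: {', '.join(tags)}")
```

Matching on (host, path) rather than the full URL string keeps the check robust to scheme and port differences in the log source; the separate "c2-host" tag catches traffic to the operator's dynamic DNS name even when the panel path changes.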

Targets

    • Detect ZGRat V1

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which includes saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profile data holds mail account settings and saved credentials, which stealers harvest alongside browser data.

    • Suspicious use of SetThreadContext

      SetThreadContext is routinely used by process-hollowing and thread-hijacking injection to redirect a suspended thread to attacker-controlled code; outside debuggers, legitimate software rarely calls it.

MITRE ATT&CK Enterprise v15

Tasks