Overview

overview

10

Static

static

3

e54d1bcdd9...18.exe

windows7-x64

10

e54d1bcdd9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118

  • Size

    521KB

  • Sample

    240407-tdyltsgb2x

  • MD5

    e54d1bcdd9d7af8f91758cfa17be9224

  • SHA1

    4148817d8d4fc116a7b7725d16183c7e74128f10

  • SHA256

    7532843070bc15b8f344e854f792fd7238819519a9c6bd048030a3575bc2c891

  • SHA512

    487da3ee4bb43915945e90da25a52bedc9db2f29d90348a5efcdcff7da91a86b6d5cb81ebe9041e3f66e6aaf0db2666f65c864480a4eea02cad84e633a36f104

  • SSDEEP

    12288:FIuc84DkEhvbdwIHAlVKLxSSXyJyqvl0zRHv9B37dQTa6a0:4TdwIHAlcrUPvq9zdl

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/fd4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118

    • Size

      521KB

    • MD5

      e54d1bcdd9d7af8f91758cfa17be9224

    • SHA1

      4148817d8d4fc116a7b7725d16183c7e74128f10

    • SHA256

      7532843070bc15b8f344e854f792fd7238819519a9c6bd048030a3575bc2c891

    • SHA512

      487da3ee4bb43915945e90da25a52bedc9db2f29d90348a5efcdcff7da91a86b6d5cb81ebe9041e3f66e6aaf0db2666f65c864480a4eea02cad84e633a36f104

    • SSDEEP

      12288:FIuc84DkEhvbdwIHAlVKLxSSXyJyqvl0zRHv9B37dQTa6a0:4TdwIHAlcrUPvq9zdl

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks