Overview

overview

10

Static

static

3

jdik4JxEILyMsaJ.exe

windows7-x64

10

jdik4JxEILyMsaJ.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e666a39c9ea18a7365f95fda94fe0962_JaffaCakes118

  • Size

    841KB

  • Sample

    240408-cn6xhsdh92

  • MD5

    e666a39c9ea18a7365f95fda94fe0962

  • SHA1

    c10f79d870f857452f15f4d204f1b07726344dc8

  • SHA256

    e25f008652428767e491c4ee3baaf9f3b648a3b6ab9bc423be3c7305779b09fb

  • SHA512

    1e69fd11c0ad4f9a5f0bcf1978063baa06700490a11f6387c33e5763f3f1a3ab7ca1795d2ae4618cb339a95e3b5363c26746f3cb56f2414ba25051ed874f4ddc

  • SSDEEP

    24576:VHZeQMinhpw0WAiBr60WuSAwZDpff0/SBZS+K:5Z3Z40WLHgiZ

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/W9ZqiawWCXST6

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      jdik4JxEILyMsaJ.exe

    • Size

      1.3MB

    • MD5

      2719ed77aed07538d050e6ffd960f5ac

    • SHA1

      52150968e889b7a28e8d327fad3b18059bc2109a

    • SHA256

      646b7469b8447ea451720f3f0a3662923655fda17f05d6a995d16f94d4bfde15

    • SHA512

      fd1e8d2dd6cc7236837aa2898f39e1a60d36d8db89fe523847d83aea1f4c84e4eef9a2e4002bcf1335d0a1b843f7b22af241460df22ae133a53a749afe52bfe2

    • SSDEEP

      24576:G9qbTA/fx8DgMfx8Dg9s9HY0m+JiCEqL8UrkousQJY9O9lNyV9PZCnLL://A/58DgM58DgW48JibqAsQa9syPZCL

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks