Overview

overview

10

Static

static

3

Seoul Air ...LY.exe

windows7-x64

10

Seoul Air ...LY.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efda70a38598b1352a65375079811728_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240415-akchdshd95

  • MD5

    efda70a38598b1352a65375079811728

  • SHA1

    1557cfec1afaa932d183b2fc074c9bb8e45d62e0

  • SHA256

    1637ca544019d055dc81c8d7d97f1d5944d758547016c7043361999fddaef9a4

  • SHA512

    ebc8b6bfcb371a3db63ae88a88f1ff8e2d7c7bbc1eda64004dc58520541a8a858f15decc2464338120ec82af39e986b5bd99c2c2eb59c64b1fcb5c4c0b4e8260

  • SSDEEP

    24576:36hJXqK7s6YnFiejrt9F0TriHb3KEtCdYAAkAb/lA0xAjvAj2AAALAAADAAAeAA9:KzaK6nA8hXEWHB89

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/YhXBwhqZTd6mE

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Seoul Air Cargo SOA JULY.exe

    • Size

      927KB

    • MD5

      2d5bb98aafb25f28aa1f30b37364afb1

    • SHA1

      43c653aed9c2d7ca63641453c0abc6cfad8891f7

    • SHA256

      af9ac07263f577041536d7c65a5aa6f9609613e7565ee6167e95e18f6f2e1110

    • SHA512

      275a59b8e9a4141435e085b74e5b20f1d42436f0cf3c2d9f58b30ec96d3165fe820e3be2e12af85f9559cf00d9f56d80841b637b1934c01d32372ff676607ddd

    • SSDEEP

      12288:ZUhoMJSrEXnurXBK08MdWU919swXnMFRqSO:ZI2AXnurXgJ2r9LXnMFJ

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks