Overview

overview

10

Static

static

3

f49e5a852f...18.exe

windows7-x64

10

f49e5a852f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f49e5a852feca0683ec31ea0941e2997_JaffaCakes118

  • Size

    483KB

  • Sample

    240417-abl1gahf3v

  • MD5

    f49e5a852feca0683ec31ea0941e2997

  • SHA1

    1d0eea1a7701e502f47e5f86e683a9bd4539d0e3

  • SHA256

    0ff4cbb5cd7a30da780fd16c5401ba6d2ae2c437bcb461351d38f494c964cd63

  • SHA512

    47665ce3682511e87a5cbef0510dd09527c9d252c2b3b63dea9c474b183e012127191a2039dadfb9b4d2eb67d23bd60f8bf649e61f73e086d05fd90e57314b5c

  • SSDEEP

    6144:F1F082jjz5LHzQr7ikQ+rpZOKDTZW8rq1qePVNjsr5PRgNXgnQiKo4+Y:7OBjjz5L8qM1DE8rlePV+GBCy

Score
10/10
lokibotzgratcollectionratspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/mxnW4pqpedfLr

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f49e5a852feca0683ec31ea0941e2997_JaffaCakes118

    • Size

      483KB

    • MD5

      f49e5a852feca0683ec31ea0941e2997

    • SHA1

      1d0eea1a7701e502f47e5f86e683a9bd4539d0e3

    • SHA256

      0ff4cbb5cd7a30da780fd16c5401ba6d2ae2c437bcb461351d38f494c964cd63

    • SHA512

      47665ce3682511e87a5cbef0510dd09527c9d252c2b3b63dea9c474b183e012127191a2039dadfb9b4d2eb67d23bd60f8bf649e61f73e086d05fd90e57314b5c

    • SSDEEP

      6144:F1F082jjz5LHzQr7ikQ+rpZOKDTZW8rq1qePVNjsr5PRgNXgnQiKo4+Y:7OBjjz5L8qM1DE8rlePV+GBCy

    Score
    10/10
    lokibotzgratcollectionratspywarestealertrojan

    • Detect ZGRat V1

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks