Overview

overview

10

Static

static

3

faa648a856...18.exe

windows7-x64

10

faa648a856...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    faa648a8568e4627e7edc78099d087b5_JaffaCakes118

  • Size

    698KB

  • Sample

    240419-tdqwzsgd69

  • MD5

    faa648a8568e4627e7edc78099d087b5

  • SHA1

    cfd6a3dca64f42f8bb5c3a4e9d7b9cab4d78e177

  • SHA256

    611b569440a6daaf92be62a1958366eb772bd62b7bc2f20893870808e0d5a277

  • SHA512

    ba1b98ae66865341b8a28408eb147dd0ddf073bd308860050a6575501a6193b50eb2e1fc4e7e9e34d4bdc40d11bbe5a728ea8960de2595ea878251605101d8eb

  • SSDEEP

    12288:R1Wl8TpYMxskWv6rfIYJ3dqbTeU77xkU7d3:RAGF0yhtqHx77xkUV

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/j572NMRHsdmec

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      faa648a8568e4627e7edc78099d087b5_JaffaCakes118

    • Size

      698KB

    • MD5

      faa648a8568e4627e7edc78099d087b5

    • SHA1

      cfd6a3dca64f42f8bb5c3a4e9d7b9cab4d78e177

    • SHA256

      611b569440a6daaf92be62a1958366eb772bd62b7bc2f20893870808e0d5a277

    • SHA512

      ba1b98ae66865341b8a28408eb147dd0ddf073bd308860050a6575501a6193b50eb2e1fc4e7e9e34d4bdc40d11bbe5a728ea8960de2595ea878251605101d8eb

    • SSDEEP

      12288:R1Wl8TpYMxskWv6rfIYJ3dqbTeU77xkU7d3:RAGF0yhtqHx77xkUV

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks