Overview

overview

10

Static

static

3

ff96a0a6a8...18.exe

windows7-x64

10

ff96a0a6a8...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff96a0a6a898a47265a817b0bf97ab1d_JaffaCakes118

  • Size

    660KB

  • Sample

    240421-stz9xsef2v

  • MD5

    ff96a0a6a898a47265a817b0bf97ab1d

  • SHA1

    be983a6e8048e17e3475d3ce2a75844fe8b51a76

  • SHA256

    e71703a89fb65868f5daf7517bdd13d16ad09fc7f9a7b3bf4a65fa67844c4b1b

  • SHA512

    7f3c26df383b7aa8d8fe1a1869f519a1e039a36a5d4c4438e151e4f0b9dda6fa41b75b0d8396053aaf5c91ba690c928b30b1836eae150013600371ffbebe0e9f

  • SSDEEP

    6144:73cz/lhDZM7M00G4t2aFu7V1juxuXu2mid4vwfWZgUGDSG7XkimflOv:DcZFW0G/0u/tXuts4vwfW3mSe0imtO

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/4LlT7SRZcUYvF

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ff96a0a6a898a47265a817b0bf97ab1d_JaffaCakes118

    • Size

      660KB

    • MD5

      ff96a0a6a898a47265a817b0bf97ab1d

    • SHA1

      be983a6e8048e17e3475d3ce2a75844fe8b51a76

    • SHA256

      e71703a89fb65868f5daf7517bdd13d16ad09fc7f9a7b3bf4a65fa67844c4b1b

    • SHA512

      7f3c26df383b7aa8d8fe1a1869f519a1e039a36a5d4c4438e151e4f0b9dda6fa41b75b0d8396053aaf5c91ba690c928b30b1836eae150013600371ffbebe0e9f

    • SSDEEP

      6144:73cz/lhDZM7M00G4t2aFu7V1juxuXu2mid4vwfWZgUGDSG7XkimflOv:DcZFW0G/0u/tXuts4vwfW3mSe0imtO

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks