Overview

overview

10

Static

static

3

0d47ac5535...18.exe

windows7-x64

10

0d47ac5535...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0d47ac553576c266a5a0a1f28449dd00_JaffaCakes118

  • Size

    364KB

  • Sample

    240502-da8dvseh3t

  • MD5

    0d47ac553576c266a5a0a1f28449dd00

  • SHA1

    2b83ced5a500bfa5944e7e23795b1a8377586eb8

  • SHA256

    57b1f1665a61cc89f3c39c19e55178c320b2f67d056eb6b508c831af2318ee6f

  • SHA512

    f1e92920117fc89ebca901c27a3c426f5a4da7649d2a335694c7f8e28a2b2dad2840723b8b9ba02be1859af8ebfc793e8149ec00a0a5b34fac2b8325b84bfcf0

  • SSDEEP

    6144:I8oasqwYHzuGLA+K5X8oXJzPQ0TR5WgiLt:I8WbG21dR5Lih

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://rajkalsudydhs.tk/nkem/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0d47ac553576c266a5a0a1f28449dd00_JaffaCakes118

    • Size

      364KB

    • MD5

      0d47ac553576c266a5a0a1f28449dd00

    • SHA1

      2b83ced5a500bfa5944e7e23795b1a8377586eb8

    • SHA256

      57b1f1665a61cc89f3c39c19e55178c320b2f67d056eb6b508c831af2318ee6f

    • SHA512

      f1e92920117fc89ebca901c27a3c426f5a4da7649d2a335694c7f8e28a2b2dad2840723b8b9ba02be1859af8ebfc793e8149ec00a0a5b34fac2b8325b84bfcf0

    • SSDEEP

      6144:I8oasqwYHzuGLA+K5X8oXJzPQ0TR5WgiLt:I8WbG21dR5Lih

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks