General

  • Target

    2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118

  • Size

    552KB

  • Sample

    240509-2jwcnaae7v

  • MD5

    2c0dbf8517aeb0a99ef388e49ea67f66

  • SHA1

    f1ac55f5abfe8fa07b331f39075ae0a5bf4d45b2

  • SHA256

    d942798e306149a6e67c47e2e1aaa881eec13dc8a74d916320db5ca265eee037

  • SHA512

    3f847b1f4b09d68a61d059b568ab4f537434fd6df531e0b4f205e58a9be8dfbc511640b45485434001822a9fe44e568e784db778ff340fff44fe8ac21b730b4e

  • SSDEEP

    6144:iXCbvVLWtvKgFjDmbxYQ2moTHCQUskH8bpulmFNplwIAv/2GnwSIxTQnlm7699il:IRQbixuTJcpYmFnl42T2ls699i8Oo6aS

Malware Config

Extracted

Family

lokibot

C2

http://filitimonieenama.com/apocalipto/wakawaka/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2c0dbf8517aeb0a99ef388e49ea67f66_JaffaCakes118

    • Size

      552KB

    • MD5

      2c0dbf8517aeb0a99ef388e49ea67f66

    • SHA1

      f1ac55f5abfe8fa07b331f39075ae0a5bf4d45b2

    • SHA256

      d942798e306149a6e67c47e2e1aaa881eec13dc8a74d916320db5ca265eee037

    • SHA512

      3f847b1f4b09d68a61d059b568ab4f537434fd6df531e0b4f205e58a9be8dfbc511640b45485434001822a9fe44e568e784db778ff340fff44fe8ac21b730b4e

    • SSDEEP

      6144:iXCbvVLWtvKgFjDmbxYQ2moTHCQUskH8bpulmFNplwIAv/2GnwSIxTQnlm7699il:IRQbixuTJcpYmFnl42T2ls699i8Oo6aS

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks