Overview

overview

10

Static

static

3

2d64a26563...18.exe

windows7-x64

10

2d64a26563...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d64a26563f9af3edd6f53fad2df1f3f_JaffaCakes118

  • Size

    1024KB

  • Sample

    240510-fasphseh28

  • MD5

    2d64a26563f9af3edd6f53fad2df1f3f

  • SHA1

    f055f917f101af3e087c58036400a1a397a4898a

  • SHA256

    6ce460e934e45ca7a1bb391599c88f83c1c320505beef2f83b25366bc23f3381

  • SHA512

    7972ad1c814b8420e6e0b79651afb9b9328161d5b53fa79e13cc832685b4bde68175ce33ebe300740dbf47e548e48f8d5a73dd64cf6a6918ee27f2e14b37e59c

  • SSDEEP

    1536:07vX/Cd921mSvuL2nQZrD3v1KHS7ZVtKC6bOAJl9HY5bAEIzmdO:O/CGoSaZrT137rtl6bOoLHAbAEUGO

Score
10/10
lokibotcollectionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      2d64a26563f9af3edd6f53fad2df1f3f_JaffaCakes118

    • Size

      1024KB

    • MD5

      2d64a26563f9af3edd6f53fad2df1f3f

    • SHA1

      f055f917f101af3e087c58036400a1a397a4898a

    • SHA256

      6ce460e934e45ca7a1bb391599c88f83c1c320505beef2f83b25366bc23f3381

    • SHA512

      7972ad1c814b8420e6e0b79651afb9b9328161d5b53fa79e13cc832685b4bde68175ce33ebe300740dbf47e548e48f8d5a73dd64cf6a6918ee27f2e14b37e59c

    • SSDEEP

      1536:07vX/Cd921mSvuL2nQZrD3v1KHS7ZVtKC6bOAJl9HY5bAEIzmdO:O/CGoSaZrT137rtl6bOoLHAbAEUGO

    Score
    10/10
    lokibotcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks