Overview

overview

10

Static

static

3

ool.exe

windows7-x64

10

ool.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f01c54366dbde85fc59378529975f70_JaffaCakes118

  • Size

    323KB

  • Sample

    240510-n7txvage76

  • MD5

    2f01c54366dbde85fc59378529975f70

  • SHA1

    210bac4ca082847a3fec2c7d5eb80d3766e04d32

  • SHA256

    5063eb6114da6d82599fd2b0774e936908e80e2ab5525d3698f9e5712e408abe

  • SHA512

    1f4ecc8fa168c164b1d15dbcb3cd9619ad9f05f4870c17af139734c5fd54dd82bfa7a1c279c72075e38098376f162bab42431658a1d037d0716bf53d11688a84

  • SSDEEP

    6144:2/8sXFb2QA9GoReyTU5fYp0ZgCDaCW/YfZav/xkmKt6Fgq+:SLd2k5ipUaCWkEKF66q+

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://edulinkr.com/ol/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ool.exe

    • Size

      595KB

    • MD5

      eae27f51ef241df09461644766f7c8ab

    • SHA1

      17ad552fbc80a2cdeefcc11e5146c4945b73cede

    • SHA256

      0863c38d844a42375b3057d52bc75e6d67a3aa202bd5b5e14079929147c68b89

    • SHA512

      2b85b5f0729b229155e2b2d6f7184989a36fa2f81e56b16d3c44d00dae613fa13394560e35ac16d403c01dc03a0f306650b1fd46a33cad66f054ace2351adaff

    • SSDEEP

      12288:7Y2SRgOu9uO2dm4rqoXa3p1m+c9JZUqGWbs:7xSJvObTV37m98qGWI

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks