Overview

overview

10

Static

static

3

2f74832b50...18.exe

windows7-x64

10

2f74832b50...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f74832b5086c6f6002769dc945ba050_JaffaCakes118

  • Size

    560KB

  • Sample

    240510-q97mtshg5t

  • MD5

    2f74832b5086c6f6002769dc945ba050

  • SHA1

    e9dffbf49f27cb77f0b5cd525be2bb57b6ba8501

  • SHA256

    b4f2f1134ff11686f962039e8abcd52aed6a581d0144b8348bff0461de509a1a

  • SHA512

    11ad7ccf7dd162dea5a3c7216f53af515d4119cc4ec6b1e0aeb2fe57d3e5bbee8f2dd66e69ad13d5c6ee9d6efc0c03888fc9b4046210ba30233f6f92df68a8e2

  • SSDEEP

    6144:2Z1j6OilaRdBeWY8K8NeoMWSQmEqNfARx8jQsvdsypYjKCBZHbvXj8Crot4U62:Qr6pux2CZb2t6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://publicspeaking.co.id/ojas/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2f74832b5086c6f6002769dc945ba050_JaffaCakes118

    • Size

      560KB

    • MD5

      2f74832b5086c6f6002769dc945ba050

    • SHA1

      e9dffbf49f27cb77f0b5cd525be2bb57b6ba8501

    • SHA256

      b4f2f1134ff11686f962039e8abcd52aed6a581d0144b8348bff0461de509a1a

    • SHA512

      11ad7ccf7dd162dea5a3c7216f53af515d4119cc4ec6b1e0aeb2fe57d3e5bbee8f2dd66e69ad13d5c6ee9d6efc0c03888fc9b4046210ba30233f6f92df68a8e2

    • SSDEEP

      6144:2Z1j6OilaRdBeWY8K8NeoMWSQmEqNfARx8jQsvdsypYjKCBZHbvXj8Crot4U62:Qr6pux2CZb2t6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks