Overview

overview

10

Static

static

1

33ca486ee8...18.ps1

windows7-x64

10

33ca486ee8...18.ps1

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33ca486ee889bc38d992e033ea20cb5a_JaffaCakes118

  • Size

    493KB

  • Sample

    240511-kxmt1ada59

  • MD5

    33ca486ee889bc38d992e033ea20cb5a

  • SHA1

    c26e975dbc222bfdd9a7fd628c9a76d5fb9ed2ec

  • SHA256

    d01d56d0488f4286f99b67ea683b80cb85cb1a1740aa92470c3b2466f0ea207a

  • SHA512

    7f9055d413103fb0d33383c915fe39d5880fb3c2bc77d2de232388d89cc0d45d865c446a6cee06472863d0b0b70fa431ca217e0a36e1191160864d12c3c8adb2

  • SSDEEP

    12288:zZUvZhblII/vlJEzfYT7a19RKXHMyv+A9:zINlIAJM+7mzKbmM

Score
10/10
lokibotcollectionexecutionpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://afrisoccer.co.tz/cgi/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      33ca486ee889bc38d992e033ea20cb5a_JaffaCakes118

    • Size

      493KB

    • MD5

      33ca486ee889bc38d992e033ea20cb5a

    • SHA1

      c26e975dbc222bfdd9a7fd628c9a76d5fb9ed2ec

    • SHA256

      d01d56d0488f4286f99b67ea683b80cb85cb1a1740aa92470c3b2466f0ea207a

    • SHA512

      7f9055d413103fb0d33383c915fe39d5880fb3c2bc77d2de232388d89cc0d45d865c446a6cee06472863d0b0b70fa431ca217e0a36e1191160864d12c3c8adb2

    • SSDEEP

      12288:zZUvZhblII/vlJEzfYT7a19RKXHMyv+A9:zINlIAJM+7mzKbmM

    Score
    10/10
    lokibotcollectionexecutionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks