Overview

overview

10

Static

static

3

3e68d38b96...18.exe

windows7-x64

10

3e68d38b96...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e68d38b9687d6d947711d1105076a1a_JaffaCakes118

  • Size

    386KB

  • Sample

    240513-jhnx3scg3x

  • MD5

    3e68d38b9687d6d947711d1105076a1a

  • SHA1

    f7b7e51adbd2ad3830b23ba1047b2ff06662ef3c

  • SHA256

    9e931ddc070e0c5be9b565479a298449f8c38a686472774386d5a3a402b4eee6

  • SHA512

    76cc87ccf6d6d8e2c56c4a778f17b1d3a3904714d4ac861f9b99e75eaf3c1191073a0ae3c2352e8b86cd2966ecb591082d87b7e64f577204f668c34a7360dd13

  • SSDEEP

    3072:Wq9dGWohBHIQ9se3BhHI7+vFP28A7eq1PAJ74Icry78/w/PM4mMyJvPaZESu:YqQOkBlIwFP87TARcikH1v+Er

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://ipqbook.com/shalom/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      3e68d38b9687d6d947711d1105076a1a_JaffaCakes118

    • Size

      386KB

    • MD5

      3e68d38b9687d6d947711d1105076a1a

    • SHA1

      f7b7e51adbd2ad3830b23ba1047b2ff06662ef3c

    • SHA256

      9e931ddc070e0c5be9b565479a298449f8c38a686472774386d5a3a402b4eee6

    • SHA512

      76cc87ccf6d6d8e2c56c4a778f17b1d3a3904714d4ac861f9b99e75eaf3c1191073a0ae3c2352e8b86cd2966ecb591082d87b7e64f577204f668c34a7360dd13

    • SSDEEP

      3072:Wq9dGWohBHIQ9se3BhHI7+vFP28A7eq1PAJ74Icry78/w/PM4mMyJvPaZESu:YqQOkBlIwFP87TARcikH1v+Er

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks