Overview

overview

10

Static

static

3

48321b3ae7...18.exe

windows7-x64

10

48321b3ae7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48321b3ae7cef1a9ac6332d20307fbca_JaffaCakes118

  • Size

    390KB

  • Sample

    240515-1p8dqsea99

  • MD5

    48321b3ae7cef1a9ac6332d20307fbca

  • SHA1

    3c1f8e0ea31b8612b1a63fd7441062c0f7d54651

  • SHA256

    d6bd09cadd7a09d19d66293a896e2ed1d3d9a05968082061e3a9923fa08bb03f

  • SHA512

    dc4bb367be32c3e641019607ad2318978440286af46aa6c35329d81328c6fb1794ede0ee324f91cce93ee74b653b71af557654238a3adb9f506e33d72ad30298

  • SSDEEP

    6144:7Plxh9hrTKx6/QlIU5fNQlYegHrSnSPrbjRbDboVf17fzzH+M:pobhUPnf

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://kersterus.gq/wp-content/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      48321b3ae7cef1a9ac6332d20307fbca_JaffaCakes118

    • Size

      390KB

    • MD5

      48321b3ae7cef1a9ac6332d20307fbca

    • SHA1

      3c1f8e0ea31b8612b1a63fd7441062c0f7d54651

    • SHA256

      d6bd09cadd7a09d19d66293a896e2ed1d3d9a05968082061e3a9923fa08bb03f

    • SHA512

      dc4bb367be32c3e641019607ad2318978440286af46aa6c35329d81328c6fb1794ede0ee324f91cce93ee74b653b71af557654238a3adb9f506e33d72ad30298

    • SSDEEP

      6144:7Plxh9hrTKx6/QlIU5fNQlYegHrSnSPrbjRbDboVf17fzzH+M:pobhUPnf

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks