Overview

overview

10

Static

static

3

470711a8c1...18.exe

windows7-x64

10

470711a8c1...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    470711a8c1e49ad4e6202e21ebce34a7_JaffaCakes118

  • Size

    472KB

  • Sample

    240515-tzhgqshg68

  • MD5

    470711a8c1e49ad4e6202e21ebce34a7

  • SHA1

    f74ffca223feb25c1bda6229c245d7aa31234cfe

  • SHA256

    38566f9a331bb8503835d7abfdc027d9d3fa45c65f388d7fd84b2c97f297ba85

  • SHA512

    0a6d973ac9bf6ab2224c59969595603f4fa41c0d4c92b92a30a76872e08033c48ec82ec926efe1aa24d1863181d08dd9ef67d65466291866173a074c7e5304b0

  • SSDEEP

    6144:5YFmEvMGFpB5fzKL87p7yC5KCpQSZc/t6KiuOVRDyXteftTOj:5YQyFpB5fzKL8dL5G+J0XYTO

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://jayp.eu/loki/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      470711a8c1e49ad4e6202e21ebce34a7_JaffaCakes118

    • Size

      472KB

    • MD5

      470711a8c1e49ad4e6202e21ebce34a7

    • SHA1

      f74ffca223feb25c1bda6229c245d7aa31234cfe

    • SHA256

      38566f9a331bb8503835d7abfdc027d9d3fa45c65f388d7fd84b2c97f297ba85

    • SHA512

      0a6d973ac9bf6ab2224c59969595603f4fa41c0d4c92b92a30a76872e08033c48ec82ec926efe1aa24d1863181d08dd9ef67d65466291866173a074c7e5304b0

    • SSDEEP

      6144:5YFmEvMGFpB5fzKL87p7yC5KCpQSZc/t6KiuOVRDyXteftTOj:5YQyFpB5fzKL8dL5G+J0XYTO

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks