lokibot | 69854674b6ff0ff95664cd8137f440c1eee2fb8abba5ef706d2b7fc90f3d5c7e

Sharing

Copy URL

Twitter E-mail

General

Target

4e2e33ff3d9c5857f0a53331be9aeaac_JaffaCakes118
Size

4.3MB
Sample

240517-dqbd3aef61
MD5

4e2e33ff3d9c5857f0a53331be9aeaac
SHA1

55862fd4e8d31d4cde40f859f69523d0d24bb73d
SHA256

69854674b6ff0ff95664cd8137f440c1eee2fb8abba5ef706d2b7fc90f3d5c7e
SHA512

32ac7b95f164391c10d78b4f8007c6e0bc79b95f725c2f3665500bcc937e9433e06f67c09fafb2d6ebded6e41481f13172b193c3879fde5b581bf184aba16dda
SSDEEP

98304:5F9GAOrPZWCrfy9XiNT3SJYtid2cH8ob4sRJ0vNDa:LDOrP8Crfyy3SJ/sC8objEN2

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://fakeme.us/Panel/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Loki 1.8/CookComputing.XmlRpcV2.dll
- Size
  
  120KB
- MD5
  
  537de6ee0a72601be1e1e452a3010954
- SHA1
  
  91f87bc5cc88249811dfcd130ccc2ca907eee2d3
- SHA256
  
  5826818bb43d41f6bc08722f036f3f9402dd53b6e6d6356caa5192fadf278451
- SHA512
  
  55eba8ba9d51bf5be2f8b40b68b0d162b6f1dfcc692d11e886a17d325fdb07c47965bd9fe590caafcf2a885f4b667b1e1a99a7467c5fc7ed45d214813fe91129
- SSDEEP
  
  3072:nYroBKFuiSfBStfhXjCjjETsm1cGvyN0rtmfeJyLG3CE2F+46tD1C2Eo:nwSfBStWnGvsPfeJyLGGKD1C2E
Score

1^/10
behavioral1 behavioral2
- Target
  
  Loki 1.8/LokiBuilder.exe
- Size
  
  1.7MB
- MD5
  
  99c58f53aeff09348dabcfc809dcc7ad
- SHA1
  
  6b34e74735eb8b797573230391ef93e3b32e893d
- SHA256
  
  9c3bdcffcaa43ebc06ddd4e98b03459d16ee350aede9524208b34fc2da6b3795
- SHA512
  
  1e976503ca26d77650eb176e66d94bde5f2253f4a50b9765a7678cacb90e022fc46394010e4324fe558e00854a81b29bad65720364fbef6b13e56db5bbe5299b
- SSDEEP
  
  24576:cwb0elgqSMsTup9DcCmk5Q4LLtkKAkPqN6MV6kORv9MiC8ziQg:vd4CFXAkyNOiiC8a
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  Loki 1.8/MRG.Controls.UI.dll
- Size
  
  11KB
- MD5
  
  f3ef809f9235900c0b086e1d22891321
- SHA1
  
  0251416274a1934d9461906e878858dec6be1a76
- SHA256
  
  7e27f1b12fe021a61fcbc5b349c75d49f0a41d6ea2556799d15948ce255c57fc
- SHA512
  
  5bcb9815c4a11583994168d704638b92f67313f36028bbd199c167fce2ecff16a98f3f0649d977b0784a45653ab0e4d22022ea24bfdbb46ac93693e3e7590311
- SSDEEP
  
  192:jKav8vl059O9z6b16UDauuuuuuUnGh4A7uf65I5BLZBGnn15sXQJ2NpQX:WapPcz6QruuuuuuUW4DC5I5BL7amQJ26
Score

1^/10
behavioral5 behavioral6
- Target
  
  Loki 1.8/NReadability.dll
- Size
  
  41KB
- MD5
  
  008fe03cbe1da5d1c39706d34fc8a85f
- SHA1
  
  87a8a21802c2cabcfe0bfad3f28eca6ac7a3f09c
- SHA256
  
  c057c61e1871252c98d4482fcd4a55713db2427d92dabf2d0e006bf948d0569f
- SHA512
  
  deb3494f34f9a0b3725ecf188ba19b28cb4d91185fe729b17d2140a19a9886f7e3ebeb1c74f8361adf65183c9cd7e1d770bc1a96d29bf81a3ea4c096ec695995
- SSDEEP
  
  768:aNTjuakP4LpHPvt3j+ahgZs/5wLEyCQ7G8Axuzdp2wT2+IyP6jsl6r2r5n:ad7kP4LpHXPSZ7LEFQ7G8Axuzj2wT2+V
Score

1^/10
behavioral7 behavioral8
- Target
  
  Loki 1.8/Panel/inc/class/misc.class.php
- Size
  
  66KB
- MD5
  
  619cd2ce2df8764750e66b4989c55ba8
- SHA1
  
  26ebf1af647c6a28f70b73e0263fd10da861b6f2
- SHA256
  
  b7d5548cbe65f4a3533708ad64309a4466022a9ce592bcf4cb42bd7d6dfe4c8e
- SHA512
  
  2e323b7a930065da53e19eb32911533733a3085700f5c3ec47448abc6e53f19f988d258c5ed8cf70d71eb7d3f795ceb4e8629cd635a2a3e07a9abaf5f3b93aac
- SSDEEP
  
  1536:Cwv+CpQQSfEv/CLCQecYeReGT6uNU51FXNtiLanesKY1K5Ue/iasa:CK+1T6qLcesKY1K5Psa
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Loki 1.8/Panel/inc/class/mysqli.class.php
- Size
  
  76KB
- MD5
  
  ee9dbe92dd08c8f3a082ab46103ef4f8
- SHA1
  
  cd9beb16a8ceb9403101d77c5c596c657074ff83
- SHA256
  
  5eb284f8432c5f442de9bdd5e41ed303aa53f47d5e0da5b8d67e957bbbcacac6
- SHA512
  
  93e80b1da8b7f98a431c947bd435fc7f60b5e50a0af2ae9df1ecbd60f1d8ea0a709138cd40bca2ed6157f3a5d6e0ac3a29e358051ba37373315aa6ffc3e52638
- SSDEEP
  
  1536:kHgMcfeNcsDDkdnn5ssfTSxs51LsDZVrWD:pfeNct
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pBarcode128.class.php
- Size
  
  6KB
- MD5
  
  a9fc8013bd8f51789fb657199b502637
- SHA1
  
  7e862deba68e60a997f42e2e1c757ba2e90d1b9b
- SHA256
  
  070c18ed48a10fa0a26482426ccc20f494dbbb79b0ca6d8b70ffb2685947ba8f
- SHA512
  
  078652a07045e226541e411ce67a478f570f29b4a9fc3b234f58c16cf29e31c35ac9b12c9859530c4fab89aa8a9fe1d36cb4c7b48a55cbb79b92718903c27a61
- SSDEEP
  
  96:MoB3gDYR4btt/uGPyDWIesaS7f3HddPsoEXAkM:MoB3eYRyEGPyDWHsaS7tOoEXAkM
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pBarcode39.class.php
- Size
  
  7KB
- MD5
  
  ff78588d44eece5ad0436581257b9e9f
- SHA1
  
  810e27278870cb260bef6d9b7794f56cbfde54b3
- SHA256
  
  7d82743e15cf0d6de4412fc116c4fe1ce932c0116ca2a10f46962b1ed33735a2
- SHA512
  
  f7f0cf43116cc7f28159f2c8315967dcf003f9fa5f88a01b4d44c080ccdd77336c9f5bb7d4e54333abe9e981000e5655b9eed4d6588415db1c2caef75505740c
- SSDEEP
  
  96:eoB3gDYaWiATbK1/7IQri2vZO9zwfcS7+HddPsoEzzXAkM:eoB3eYZiACtI+i2RO9zWcSIOoEHXAkM
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pBubble.class.php
- Size
  
  14KB
- MD5
  
  e297812e01d2338df95c40a74bf3699e
- SHA1
  
  09c88abe3d5b789d7668b3dd05d62b701273a9d6
- SHA256
  
  bde928ec2a3d04012a2a5aa652b9f9b0f9dc70c8d0789f70fca2917f519b88f4
- SHA512
  
  3d8acc03675f933f068b6554a87d56c326f6bd1b60a9167e38ad424982b7d971b8bb639d71a0da5f405002844582b04196d0fe370b7a17be46c7f7a5465a7f60
- SSDEEP
  
  96:toB3gDTXYQO49Wy65dra3Xte7WxvjauVZsmfes0IUWlnb5y8bkzxy8br8p77pvK0:toB3eTXYQO49Wx5dW3XiWJsS08pyhE
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pCache.class.php
- Size
  
  8KB
- MD5
  
  718b4ca4d55c403332a3477a10161789
- SHA1
  
  97d6cef62fe9e14f9a871648953ee2bc2538e45c
- SHA256
  
  d7d4f3dbaf3a39ee73056cd1c9690ebeb3370528f720e0de145db78c211856ec
- SHA512
  
  fb0aee797f7c1b6b02390a35ea673abd0406bed44454e4ab8bd38dc7ad176db5155cdb2b058df3894edc7468f5dfb93494e042546e236fa06a2ce7ab52052f5c
- SSDEEP
  
  192:VoB3eY60PKKfm2q5HNZVo/vQG0lJeMjDK5Fvjy7:6O8CFTiEGjy7
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pData.class.php
- Size
  
  30KB
- MD5
  
  5f125e49f5fb06094f12aa27dbfa31ed
- SHA1
  
  aff84d0e69f85c91705208029bf88dd8b4d5cacd
- SHA256
  
  f705add7a7e20a5603b432d97a80170a9d31dc4de449a6a0ce014b4169582b1b
- SHA512
  
  0b4c073ffbcf8e4c7932c121bde44698656b0ab19dac98692f2e83470510a1829d09eee6418e47237cac115bed25f8d319525f13ad7a2e4fc7876016a3d3c6b8
- SSDEEP
  
  384:PO7Ex4JPAMRdTXm9KbSX5hyxUgMsS6sz8n8pwvQJxISbcV5s3NA:SExmnzm9KbK58Ojsoz8n8psIISbh2
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pDraw.class.php
- Size
  
  319KB
- MD5
  
  0b9bbffe4c457652343862347e1357ef
- SHA1
  
  23d4591b018f5d133ecdff92e387877b0845b432
- SHA256
  
  97201d530c4745751246ed4639cf24e3342ce0a4a3de885b2e969e1cdc1bf3db
- SHA512
  
  20cd48f0119681a925950eb5771cb884eb5a8e980d8e931df130320febd99724cb66e0c4f5cbd6a2f7e1ee190a7f505a5a5426e0831daae6d817b1bbdfa9a149
- SSDEEP
  
  1536:PkqjoqKdH5Isz01Dx0MBDK5BgJctv5VqFhuQAqoXkbETmuDodIE0XX3nz:EmF4QAqhbETmuDoOE0XX3nz
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pImage.class.php
- Size
  
  19KB
- MD5
  
  de8a9c64df37a59ca0d4932414c817de
- SHA1
  
  429b0b9dcc9e3843976dcb14c16e45a874208309
- SHA256
  
  40a1105c0b71544cc8352fefacf982252d0cbf68c7b2ce57ac010cf152537028
- SHA512
  
  952dd9538fdbf743a726b57772bc64c51c5ef158328f2f638d12fc6a79cd87c748f858637c7950618437aabc3164e535bf32b5604fcd1e0f225b19c84754f1c1
- SSDEEP
  
  192:goB3enohsCfN2o7auOmPhTRzTePSmjfqmfLCEm1ty297z2yr36zhaa4aY665ppLP:lOoFAmPhTRzZmTCFZJfFAu
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pIndicator.class.php
- Size
  
  11KB
- MD5
  
  4ac9195a473ab04729bb513852bc1bc7
- SHA1
  
  af605e8882ce5ec6b41b3902b75414fdf4e54257
- SHA256
  
  03db301cb33d99a591f32ac3050b24b360434759c4cf6ea835612e4516bef920
- SHA512
  
  d7c3e887f0e467fe72c155be1dab637fb9d368ef08cd6d36857bb0185a1f1d2792643df791b8209b2325d8c27dd6e1a78ed8531f3a6e0996156b95101747832e
- SSDEEP
  
  192:tjoB3eGZNS+1uFIgn1QKAlOpFCpK7TWOe:6OQ4ntpopBj
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pPie.class.php
- Size
  
  65KB
- MD5
  
  4a8df9c68451a7846fbbfb5213c450d8
- SHA1
  
  768de54634a27f2899887630427aea84bdd87bfc
- SHA256
  
  a84369ce6edeaef275e6973227e6212df23234e9c4649e73354b9b247559a13d
- SHA512
  
  ecf9a4d38dd3c18db9b48e872a5289fea5d648bd53a335322cac2015a57083d3e2fdd4213c197904cbf0af61a160a58d0317c7f72a03e93dc7d5257870fab9b3
- SSDEEP
  
  1536:QQaY0UNjLGv8S6STShvmv1jSXSNBOBVSTSBvmvGO+vUSsk6V:owO7
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Loki 1.8/Panel/inc/class/pCharts/class/pRadar.class.php
- Size
  
  33KB
- MD5
  
  164be607d90ef2cd65685a9a56162631
- SHA1
  
  da52bc88e278f1b9e0f2f7584e1b76bc24875e5d
- SHA256
  
  05b4befdb507843d814dd4d9d84747f2ae2a669432ecf07b7cfec71f23ea4bb5
- SHA512
  
  9b8d20509309b8dd865abfb47528c2bbbbc6e22ff7d31db24c3f4a4243ccafcf418d915c4cb1d8a9241142d4fbdf9da03683c24de9daad0c42f4b8bc2c94c075
- SSDEEP
  
  768:XT48Y447QxnJfsiqCxsbS8Aogpvx3MSq5xgi:XkJ5
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32