Overview

overview

10

Static

static

3

579506247c...18.exe

windows7-x64

1

579506247c...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    579506247c2dae703d6593980e3d9ed1_JaffaCakes118

  • Size

    296KB

  • Sample

    240519-ag7t5aga74

  • MD5

    579506247c2dae703d6593980e3d9ed1

  • SHA1

    9fc38df85161d0f71ca99cb011df03bd2764d25b

  • SHA256

    019114995144b61e8c5efba8fcb317aa1e73a2fbd6275faf2dae8205080b67cc

  • SHA512

    e23bf952d0ab75000a725f32ef5e43c1d2f0de6dd82ba3f3bdd8606254959ddc3a6d3605b7eae807983f7314b0f05dec6c91b33a4398859b1587618075864243

  • SSDEEP

    6144:VbprdJH5x43qQmNuLI0MfgDMkL7boLiUYoQ:Zprd23tmQLAf0Ms7borW

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://eastcoastrest.com/jog/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      579506247c2dae703d6593980e3d9ed1_JaffaCakes118

    • Size

      296KB

    • MD5

      579506247c2dae703d6593980e3d9ed1

    • SHA1

      9fc38df85161d0f71ca99cb011df03bd2764d25b

    • SHA256

      019114995144b61e8c5efba8fcb317aa1e73a2fbd6275faf2dae8205080b67cc

    • SHA512

      e23bf952d0ab75000a725f32ef5e43c1d2f0de6dd82ba3f3bdd8606254959ddc3a6d3605b7eae807983f7314b0f05dec6c91b33a4398859b1587618075864243

    • SSDEEP

      6144:VbprdJH5x43qQmNuLI0MfgDMkL7boLiUYoQ:Zprd23tmQLAf0Ms7borW

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks