Overview

overview

10

Static

static

1

5939bad044...18.exe

windows7-x64

10

5939bad044...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5939bad044a5763658873d93bb168048_JaffaCakes118

  • Size

    386KB

  • Sample

    240519-h8ml9sgd3w

  • MD5

    5939bad044a5763658873d93bb168048

  • SHA1

    aa97178e23ee1f442c6dcc2c16b0ca632c32e4f1

  • SHA256

    dc9a63c4952c68974b6a42faeb959119dddcaa78e6c65e3d3eb22c6ac49ee463

  • SHA512

    baf4f53ea274d8daba786bf5b74dd4640967483e36b004a4fe3213e8f1c73c35be53cf5a393206de04800a24b4e5d68a74268a7efdb9ea28b4f059f19b1227f3

  • SSDEEP

    6144:PTzsTPy5qcT84lqPw/fGajt9hmbGi1dTTgIoxTfOBqKu:PT0Py5D6AG8t9hmKi1dTTgIM7+u

Score
10/10
lokibotagilenetcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://atikaluminyum-tr.com/dimple/fisad/crook.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      5939bad044a5763658873d93bb168048_JaffaCakes118

    • Size

      386KB

    • MD5

      5939bad044a5763658873d93bb168048

    • SHA1

      aa97178e23ee1f442c6dcc2c16b0ca632c32e4f1

    • SHA256

      dc9a63c4952c68974b6a42faeb959119dddcaa78e6c65e3d3eb22c6ac49ee463

    • SHA512

      baf4f53ea274d8daba786bf5b74dd4640967483e36b004a4fe3213e8f1c73c35be53cf5a393206de04800a24b4e5d68a74268a7efdb9ea28b4f059f19b1227f3

    • SSDEEP

      6144:PTzsTPy5qcT84lqPw/fGajt9hmbGi1dTTgIoxTfOBqKu:PT0Py5D6AG8t9hmKi1dTTgIM7+u

    Score
    10/10
    lokibotagilenetspywarestealertrojancollection

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks