Overview

overview

10

Static

static

10

5cb1d59eda...18.exe

windows7-x64

10

5cb1d59eda...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cb1d59edaebf90565e56d936fbb6d99_JaffaCakes118

  • Size

    104KB

  • Sample

    240520-ctfyaafg8x

  • MD5

    5cb1d59edaebf90565e56d936fbb6d99

  • SHA1

    b3fe74d78539e876bb95909bf4ed226e17815625

  • SHA256

    330c55d73c25177cd5196c034310b8083cd76b3c782eaf23da8a30837facd1d9

  • SHA512

    76b7ea63a9ea490f645cd26403360cbdf652a5c62895b175305c94de98dbce5e399ccf8da390899f5d7bec0d8170e97fcd90d3e3e8087769024dd83a2fd5c0ea

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://200.74.240.214/samson/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      5cb1d59edaebf90565e56d936fbb6d99_JaffaCakes118

    • Size

      104KB

    • MD5

      5cb1d59edaebf90565e56d936fbb6d99

    • SHA1

      b3fe74d78539e876bb95909bf4ed226e17815625

    • SHA256

      330c55d73c25177cd5196c034310b8083cd76b3c782eaf23da8a30837facd1d9

    • SHA512

      76b7ea63a9ea490f645cd26403360cbdf652a5c62895b175305c94de98dbce5e399ccf8da390899f5d7bec0d8170e97fcd90d3e3e8087769024dd83a2fd5c0ea

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks