Overview

overview

10

Static

static

3

Invoice , BL PL.exe

windows7-x64

10

Invoice , BL PL.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e55e8a914c95bf2d870101f499690e9_JaffaCakes118

  • Size

    350KB

  • Sample

    240520-lctbqadc37

  • MD5

    5e55e8a914c95bf2d870101f499690e9

  • SHA1

    aa3bfb621519e33638e6b7980e75241985c9320c

  • SHA256

    d4346f837594db57efc871d24c6aa589d4715a6b1e2b8aec37b32175a4d61574

  • SHA512

    6827b4c5519a843b2195e7cf8484be766b932d1eab07566212a3fe66ff4f130f1ef372122f2cf9ce06292cd42414c8d89293c0cca78b97bc316bf1432eb601f5

  • SSDEEP

    6144:ven2K0sZioHl/w4u65xJM0N72vOcdABTovi06/JBTaxitKA45cQdOAhR39:2n46LH+4d5IdkEa06xBT6iwwQdr/

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://phiheatings.ir/lordwap/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Invoice , BL PL.exe

    • Size

      580KB

    • MD5

      cfd5a9212c03d6cd24101bbb083caf72

    • SHA1

      6209ac252f364abe7591d5d49f61a65b47a9b8a0

    • SHA256

      10913c73533f13e0b03261b652561c4a0bba91dc00cc0a6941c0d816fc3a8069

    • SHA512

      26339a771f0bc514b6d88fd8c01717bfa8b094ed52bc9420906ab28e554c5533f589a238258e579ca7c7f4f085a593d6139e09dce0f6d913b5077ebf2d0ea254

    • SSDEEP

      12288:VD+78q1zTTdYWsoWDxCx5p4T6SFN9nhYv1:c7H3JYWsoW9CLp42W9n

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks