General

  • Target

    5e924002b4bf7fd9e352343108e3f540_JaffaCakes118

  • Size

    50KB

  • Sample

    240520-mehtfafh5z

  • MD5

    5e924002b4bf7fd9e352343108e3f540

  • SHA1

    0e189c6d66c63d3a001778d74743209cf93f6342

  • SHA256

    fc8556b22182db7fb639bb208764ec4f49e625a95d6a07562c3614316a4d1f40

  • SHA512

    b1c6b8e297f58c4e231e804b1cfa35795b0136e9281ed482fa0afe6e64422e991b686f22a98ca49564c4a45ff370722f1e38e52c8343c25298635b3be7a50e21

  • SSDEEP

    768:NKCqydsX95Cwip2159aJ8llhqDTVT6KzCuGks8c/Prv1WzB6LtfbnUiPYC236U4P:Ne7tHipEp1uhzdtckBat06UKXF31KG

Malware Config

Extracted

Family

lokibot

C2

http://omann.ir/swagger/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      1f87ec0c553dfc88312305cd316b469eb645384e

    • Size

      104KB

    • MD5

      b65f4fbd93b4a905b7a73099245a7215

    • SHA1

      1f87ec0c553dfc88312305cd316b469eb645384e

    • SHA256

      a596ccb810d172d002be4d5d59b9c0aa34dd3f9823f4b9501fbd286b44838c85

    • SHA512

      094a16638d3d195ff3a18deb10a2f225291e25db9fed7ec7c8eef077c349c530907d16e25463517ed234c6bf3fc8adecfbac9b01b672feed37f143e5e3c73eda

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, such as saved credentials.

    • Accesses Microsoft Outlook profiles
