Overview

overview

10

Static

static

10

61d58a52c9...18.exe

windows7-x64

10

61d58a52c9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    61d58a52c94cbde716aad05ad5418015_JaffaCakes118

  • Size

    104KB

  • Sample

    240521-dlfg8aff68

  • MD5

    61d58a52c94cbde716aad05ad5418015

  • SHA1

    6270bbecb81946596e572e0854a6c4329c330324

  • SHA256

    b338ca623279ec0f602a0157e44696b50d1b8aec8914457f9e9f67ea89b9ad1a

  • SHA512

    8ee61e9b9b85ddeaee063cbe8a7dd9312770ea7c559ab111a3a9967e48fb3b13305bc20b3fc1645a351ee47aa760ef39d74c998b756e98cf6ddbf6e0a7435dde

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://boistans.com/stuff/Panel/bianchi/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      61d58a52c94cbde716aad05ad5418015_JaffaCakes118

    • Size

      104KB

    • MD5

      61d58a52c94cbde716aad05ad5418015

    • SHA1

      6270bbecb81946596e572e0854a6c4329c330324

    • SHA256

      b338ca623279ec0f602a0157e44696b50d1b8aec8914457f9e9f67ea89b9ad1a

    • SHA512

      8ee61e9b9b85ddeaee063cbe8a7dd9312770ea7c559ab111a3a9967e48fb3b13305bc20b3fc1645a351ee47aa760ef39d74c998b756e98cf6ddbf6e0a7435dde

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks