General

  • Target

    61d58a52c94cbde716aad05ad5418015_JaffaCakes118

  • Size

    104KB

  • Sample

    240521-dlfg8aff68

  • MD5

    61d58a52c94cbde716aad05ad5418015

  • SHA1

    6270bbecb81946596e572e0854a6c4329c330324

  • SHA256

    b338ca623279ec0f602a0157e44696b50d1b8aec8914457f9e9f67ea89b9ad1a

  • SHA512

    8ee61e9b9b85ddeaee063cbe8a7dd9312770ea7c559ab111a3a9967e48fb3b13305bc20b3fc1645a351ee47aa760ef39d74c998b756e98cf6ddbf6e0a7435dde

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Malware Config

Extracted

Family

lokibot

C2

https://boistans.com/stuff/Panel/bianchi/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      61d58a52c94cbde716aad05ad5418015_JaffaCakes118

    • Size

      104KB

    • MD5

      61d58a52c94cbde716aad05ad5418015

    • SHA1

      6270bbecb81946596e572e0854a6c4329c330324

    • SHA256

      b338ca623279ec0f602a0157e44696b50d1b8aec8914457f9e9f67ea89b9ad1a

    • SHA512

      8ee61e9b9b85ddeaee063cbe8a7dd9312770ea7c559ab111a3a9967e48fb3b13305bc20b3fc1645a351ee47aa760ef39d74c998b756e98cf6ddbf6e0a7435dde

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks