General

  • Target

    62f2e034aa235b69584d837c0f7544d3_JaffaCakes118

  • Size

    263KB

  • Sample

    240521-meh47saa4t

  • MD5

    62f2e034aa235b69584d837c0f7544d3

  • SHA1

    332d521835d01c12bbc4ca88529e07cdf830d2ab

  • SHA256

    6bc73333bf9ae12bdcedccc1ecd28acfc70f2b17d95c55d67e87100ee6040572

  • SHA512

    8c44b48c0f3e2a5d758764c6996f5cf50c01ed46c77c30289a0b684f0eb63d76f06b45797232f88619018e634d2dc23435d6201384ea121d159bb569fd22fdf4

  • SSDEEP

    6144:m7eTpOgBmLTVQkGEgh61eFk95eW8o/GzHhr4k2XrZxUVtQP9p:QmdBUThA6pvNA/27ZxUVtQVp

Malware Config

Extracted

Family

lokibot

C2

http://backbaymall.ga/~zadmin/lmark/jojo/link.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      62f2e034aa235b69584d837c0f7544d3_JaffaCakes118

    • Size

      263KB

    • MD5

      62f2e034aa235b69584d837c0f7544d3

    • SHA1

      332d521835d01c12bbc4ca88529e07cdf830d2ab

    • SHA256

      6bc73333bf9ae12bdcedccc1ecd28acfc70f2b17d95c55d67e87100ee6040572

    • SHA512

      8c44b48c0f3e2a5d758764c6996f5cf50c01ed46c77c30289a0b684f0eb63d76f06b45797232f88619018e634d2dc23435d6201384ea121d159bb569fd22fdf4

    • SSDEEP

      6144:m7eTpOgBmLTVQkGEgh61eFk95eW8o/GzHhr4k2XrZxUVtQP9p:QmdBUThA6pvNA/27ZxUVtQVp

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      fbe295e5a1acfbd0a6271898f885fe6a

    • SHA1

      d6d205922e61635472efb13c2bb92c9ac6cb96da

    • SHA256

      a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1

    • SHA512

      2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06

    • SSDEEP

      192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4

    • Score

      3/10

    • Target

      $PLUGINSDIR/UserInfo.dll

    • Size

      4KB

    • MD5

      7836f464ae0102452e94a363b491b759

    • SHA1

      59909a48448b99e2eb9cd336d81d60764da59f31

    • SHA256

      11adf8916947b5a20a071b494fa034cf62769dcc6293a1340b29a5bb29ac8e87

    • SHA512

      5ed63eefa1b3b3caad4cb762ccb8419c05bcad3da3a7415235cda2d2a1f79eb018503ca30a0a92d6b72160327decea9a70c48e0c28de94dd67303d4aea4a02db

    • Score

      3/10

    • Target

      $TEMP/change/aspnetstate.exe

    • Size

      29KB

    • MD5

      d33c507942299753868204cc7642fa27

    • SHA1

      671870a43febef51228e8507b36d0cb6ffa0cff2

    • SHA256

      4e7096d6f4b1176c4823540427219988ac9180e70954d3bf32a6c15ed1332670

    • SHA512

      ae4516a061a8e8b22780043685485126a96feff6917d5e52574d3afdd957d44d051e6c437eb499260a5980959ea3162b18496f2bce8a56b6aec85df6da5e565a

    • SSDEEP

      768:fNalEibjHz9kFmw0D+iwGqC+iIL3d/o+g:fPS6cw05wGj7IR/oF

    • Score

      1/10

    • Target

      $TEMP/paratrooper.dll

    • Size

      64KB

    • MD5

      6454128223fdb4e7177ba6b89e935784

    • SHA1

      26b6388a297f9286ec5788bfb752223a1cbf5eb5

    • SHA256

      9cd07c670e452c1728cee3415eb033a78a213b48f1a0841d5a104542c52cf9e7

    • SHA512

      05790d6c405e0b147d66ab7e23757923145bed3e57714288fc7ea74670f012114b1c77b0f479e329c072045d33f7e4bb9f288424e4f65571e8bf3efd1482b829

    • SSDEEP

      768:jDNoVwuc8EzAk/13pi9Ihg9r+1KU7CZHxkPR3JBZPXPEeZz1VtvpTDJorp:FoRc8iaIK96wUeQPXnftxDa

    • Score

      1/10

MITRE ATT&CK Enterprise v15
