Overview

overview

10

Static

static

3

752a431f28...18.exe

windows7-x64

10

752a431f28...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    752a431f281dbd1e03fd965ce06fe59b_JaffaCakes118

  • Size

    476KB

  • Sample

    240526-mc6sgseh4x

  • MD5

    752a431f281dbd1e03fd965ce06fe59b

  • SHA1

    616c630547c2b6f6cd2ddae2076e503e893f801a

  • SHA256

    7e7bde85bc6eae55c57ac23ce05c5659de5c3a217566b0c738d7e8ab8cc0f108

  • SHA512

    887d1115fb7d8a38adcdc8a024891b257c27e3e1f7d0e9173029ae5a0a7db9ec9df1bdcfe849cb1a77d80dccb4bdc5300b5dc85b1a15ffb16901c45c66329f70

  • SSDEEP

    12288:un50ttZPsh6vIiJ3Qi92O4lXn5SLBKE8qto3e6VXhbFGr:uwPekD998X50GqaJVRbFGr

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://slowidyter.us/loiptert/teryiopput/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      752a431f281dbd1e03fd965ce06fe59b_JaffaCakes118

    • Size

      476KB

    • MD5

      752a431f281dbd1e03fd965ce06fe59b

    • SHA1

      616c630547c2b6f6cd2ddae2076e503e893f801a

    • SHA256

      7e7bde85bc6eae55c57ac23ce05c5659de5c3a217566b0c738d7e8ab8cc0f108

    • SHA512

      887d1115fb7d8a38adcdc8a024891b257c27e3e1f7d0e9173029ae5a0a7db9ec9df1bdcfe849cb1a77d80dccb4bdc5300b5dc85b1a15ffb16901c45c66329f70

    • SSDEEP

      12288:un50ttZPsh6vIiJ3Qi92O4lXn5SLBKE8qto3e6VXhbFGr:uwPekD998X50GqaJVRbFGr

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks