Overview

overview

10

Static

static

3

77a9bf1a5b...18.exe

windows7-x64

10

77a9bf1a5b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77a9bf1a5bf83aafee87bfb37d935ab1_JaffaCakes118

  • Size

    802KB

  • Sample

    240527-dahs7sdf3s

  • MD5

    77a9bf1a5bf83aafee87bfb37d935ab1

  • SHA1

    b4e5ebab6d2834ebb35d0a25ad0695af7d595edb

  • SHA256

    cb786b6896effbf83f899d705e315092bf1cff30958a658cd4a04ec6eb3daa8c

  • SHA512

    b38ba2c1c8e64bc4f833f0af5ddd45ce8a8c95c8b1c5785d66f61d2d510538ced70ee03d9b675cf1705b1ce06920f2fd13f253200cf7f2946e62cf03637b00fa

  • SSDEEP

    12288:yb6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hOddu+5LZN07ttm8:LeSHhYRRxOVGcxJBdb1mdu+327ttx

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/wP7QgB3anAP8F

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      77a9bf1a5bf83aafee87bfb37d935ab1_JaffaCakes118

    • Size

      802KB

    • MD5

      77a9bf1a5bf83aafee87bfb37d935ab1

    • SHA1

      b4e5ebab6d2834ebb35d0a25ad0695af7d595edb

    • SHA256

      cb786b6896effbf83f899d705e315092bf1cff30958a658cd4a04ec6eb3daa8c

    • SHA512

      b38ba2c1c8e64bc4f833f0af5ddd45ce8a8c95c8b1c5785d66f61d2d510538ced70ee03d9b675cf1705b1ce06920f2fd13f253200cf7f2946e62cf03637b00fa

    • SSDEEP

      12288:yb6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hOddu+5LZN07ttm8:LeSHhYRRxOVGcxJBdb1mdu+327ttx

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks