Overview

overview

10

Static

static

3

77e1ecfacc...18.exe

windows7-x64

10

77e1ecfacc...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    77e1ecfacc8c3444831d0866058c2ed1_JaffaCakes118

  • Size

    416KB

  • Sample

    240527-exx23sfh3t

  • MD5

    77e1ecfacc8c3444831d0866058c2ed1

  • SHA1

    84ae5e8906cf1c3877d5e838e3b82ad92fbd72be

  • SHA256

    d3a1e1811321d144c179bc3b00236b7a991bfd8358a93b807c513b3943a7c342

  • SHA512

    60c5ca25ca170d5bd77fda2dfa8248a2048c1a5b5d635b319257ebe94e9541f16d536a39cfd8b00e659f86c356a397c10c947cba20a63257faeae8b71dababe2

  • SSDEEP

    3072:Y9yn+7IZ/8XWjLIFmL4oHBFXBgQzdGLbGvFcF2o4z/sLaK:e6+sZ/1V4oHfXJzg2c8obb

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://ipqbook.com/emmagroup/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      77e1ecfacc8c3444831d0866058c2ed1_JaffaCakes118

    • Size

      416KB

    • MD5

      77e1ecfacc8c3444831d0866058c2ed1

    • SHA1

      84ae5e8906cf1c3877d5e838e3b82ad92fbd72be

    • SHA256

      d3a1e1811321d144c179bc3b00236b7a991bfd8358a93b807c513b3943a7c342

    • SHA512

      60c5ca25ca170d5bd77fda2dfa8248a2048c1a5b5d635b319257ebe94e9541f16d536a39cfd8b00e659f86c356a397c10c947cba20a63257faeae8b71dababe2

    • SSDEEP

      3072:Y9yn+7IZ/8XWjLIFmL4oHBFXBgQzdGLbGvFcF2o4z/sLaK:e6+sZ/1V4oHfXJzg2c8obb

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Drops startup file

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks