Overview

overview

10

Static

static

3

ud.exe

windows7-x64

10

ud.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a6e35bcc04d6ac702c3dfee624b8b63_JaffaCakes118

  • Size

    214KB

  • Sample

    240527-zapgmsac67

  • MD5

    7a6e35bcc04d6ac702c3dfee624b8b63

  • SHA1

    52cfaff87271682b371ee2ba13704d4ad2f6ab1c

  • SHA256

    a23b8bb740ea8dff264a8a45653fbc10f1c1527867b46cd3da943a2eb12ef87e

  • SHA512

    6083815ebf83f2d40379b94afa4ff06ff0b0a1dcd2900436b9da8522588cc52a0e87fa072fa94da0250ef13414e0c7fb40de6e0de860d6a92ad590b3ff8661f5

  • SSDEEP

    3072:td9VG48lJmAmgrDgxB9j0ircWqB+4FOu1/6jkw55UkzulXTArtMYk+oWrlnu:td9T8mAUpc1g4FF/6MRArtMN+M

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://theonlygoodman.com/bed/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ud.exe

    • Size

      344KB

    • MD5

      561522b048ef454071a3137b8718f4e6

    • SHA1

      9f43eaa35f1b0c5fe42a7b60f03de01ff964ee3f

    • SHA256

      d4876fda8197ab8498fc148c106734f4d2f44889f2d90b77d29c3f3c620a71c9

    • SHA512

      6131e18dfe0176069ee0226b2c6d69282512592b9ccc7bee9bb28b4e264dea2098e714abad5e9f8161d7885a90d60229bde0611a23ad9e177cca0213b783a377

    • SSDEEP

      6144:eF9M/cNmHJ72dpKRNl5xguVGQAFctkzWSsm4:YM0NmHJ74Yzl5xiEkiSX4

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks