Overview

overview

10

Static

static

3

7d5cc28894...18.exe

windows7-x64

10

7d5cc28894...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d5cc28894986820a784ecef9d580ccf_JaffaCakes118

  • Size

    535KB

  • Sample

    240528-r9d6ysaf39

  • MD5

    7d5cc28894986820a784ecef9d580ccf

  • SHA1

    7e26300016fd98f49480192c37e6936be45fd76f

  • SHA256

    7c4fd99f93bdbbfd9c527abcbb90bebd1596f932472a35c8e101b488ec09e7b2

  • SHA512

    6a844cc670d81537f2a219c12fe59788d8384d2a9eb91c787fa20d2ba315915259b88bf5c200aa16b05aebf45183936e36541feec42e4ba4133efc1b70b8db75

  • SSDEEP

    6144:+MK9gBn27sEcAvx+rovKXFYCJpXESOoPoGqbKsSomrftWOKfetwTZ:1K9guvIbqSpVO6Ebk1fLKmtAZ

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://fueda.info/sky/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      7d5cc28894986820a784ecef9d580ccf_JaffaCakes118

    • Size

      535KB

    • MD5

      7d5cc28894986820a784ecef9d580ccf

    • SHA1

      7e26300016fd98f49480192c37e6936be45fd76f

    • SHA256

      7c4fd99f93bdbbfd9c527abcbb90bebd1596f932472a35c8e101b488ec09e7b2

    • SHA512

      6a844cc670d81537f2a219c12fe59788d8384d2a9eb91c787fa20d2ba315915259b88bf5c200aa16b05aebf45183936e36541feec42e4ba4133efc1b70b8db75

    • SSDEEP

      6144:+MK9gBn27sEcAvx+rovKXFYCJpXESOoPoGqbKsSomrftWOKfetwTZ:1K9guvIbqSpVO6Ebk1fLKmtAZ

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks