Overview

overview

10

Static

static

3

7f75700a46...18.exe

windows7-x64

10

7f75700a46...18.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7f75700a46751dc62786afbd73e8ca31_JaffaCakes118

  • Size

    775KB

  • Sample

    240529-eq7b6sah25

  • MD5

    7f75700a46751dc62786afbd73e8ca31

  • SHA1

    7773fe6984907d111bc879ef93786a39d869d42b

  • SHA256

    45d30030e239b7243f97c05ed52dc4ad9fa3341dbf9c81044742867547abf3e2

  • SHA512

    65593bb1fec40c76d9fd0e578dbce9108cd6f0f92dce027b3647292fe3917b488c8a2e89ac29126c11e020a72058739977eeab7e67b8f503565670db051af159

  • SSDEEP

    12288:WetjyYO3ZzaSaz78gDcy5zxVXpjTrrHxqgtQ27P:J3sZzxA8gYoX5T/HFNr

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://107.175.150.73/~giftioz/.hoki/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      7f75700a46751dc62786afbd73e8ca31_JaffaCakes118

    • Size

      775KB

    • MD5

      7f75700a46751dc62786afbd73e8ca31

    • SHA1

      7773fe6984907d111bc879ef93786a39d869d42b

    • SHA256

      45d30030e239b7243f97c05ed52dc4ad9fa3341dbf9c81044742867547abf3e2

    • SHA512

      65593bb1fec40c76d9fd0e578dbce9108cd6f0f92dce027b3647292fe3917b488c8a2e89ac29126c11e020a72058739977eeab7e67b8f503565670db051af159

    • SSDEEP

      12288:WetjyYO3ZzaSaz78gDcy5zxVXpjTrrHxqgtQ27P:J3sZzxA8gYoX5T/HFNr

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks