General

  • Target

    7fcaedf4746c6cdafa0952b19f91cd76_JaffaCakes118

  • Size

    220KB

  • Sample

    240529-habgcadd7w

  • MD5

    7fcaedf4746c6cdafa0952b19f91cd76

  • SHA1

    d93b124f1d39ac442bc3e84a5808f9402f63307c

  • SHA256

    1599f071f87e26b764e7ff5900104986c92466bbca26105a4b1ab7247b63a659

  • SHA512

    147f989e5351f2b718faa9862ca5f64d1b5b6d7c47b464ae81fb783f4e68b9f092080a1fec763a30a0739aec845e79c6df71de1f262de59d037c727e9b0a102c

  • SSDEEP

    6144:ySQyaw5SeZ0zBNgTGNKEXcxb1mbAMfzRo1f8XOUrZBAbYtk:yby/5/Sz/gTGNKsSmbAMfVoaXJ3+5

Malware Config

Extracted

Family

lokibot

C2

http://metranix.top/mark/panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
