Overview

overview

10

Static

static

3

834300d014...18.exe

windows7-x64

10

834300d014...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    834300d014ae6e65201ce04d091219fc_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240530-gybataaa93

  • MD5

    834300d014ae6e65201ce04d091219fc

  • SHA1

    56af653938b12a12c4185ed71f221812c3fb4590

  • SHA256

    7eb32bdb92a9768dfc8f30f22365aaac0d57931a77bffd71eb928f72dcdeab1e

  • SHA512

    d8fa6271651ffa904e53f178a0d11907652169612ae7fea31207317de8901bdde153e7b13eeb40b7c7280c52df4d6cad23bc10d2735c74908482713a87997d58

  • SSDEEP

    24576:BhNH39BauJj6+QY2rTG0F1X1xBblqQ3loqjXtYXFyPV3GrugU8CMl7BR:LBDl8RhrTFF1FxtloMXtsyD8xBR

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://23.95.132.48/~main/.isuoxiso/w.php/2sN0gEZTW0LpL

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      834300d014ae6e65201ce04d091219fc_JaffaCakes118

    • Size

      1.3MB

    • MD5

      834300d014ae6e65201ce04d091219fc

    • SHA1

      56af653938b12a12c4185ed71f221812c3fb4590

    • SHA256

      7eb32bdb92a9768dfc8f30f22365aaac0d57931a77bffd71eb928f72dcdeab1e

    • SHA512

      d8fa6271651ffa904e53f178a0d11907652169612ae7fea31207317de8901bdde153e7b13eeb40b7c7280c52df4d6cad23bc10d2735c74908482713a87997d58

    • SSDEEP

      24576:BhNH39BauJj6+QY2rTG0F1X1xBblqQ3loqjXtYXFyPV3GrugU8CMl7BR:LBDl8RhrTFF1FxtloMXtsyD8xBR

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks