Overview

overview

10

Static

static

3

8798c00334...18.exe

windows7-x64

10

8798c00334...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8798c003342136f21a6072fbaed735fd_JaffaCakes118

  • Size

    367KB

  • Sample

    240531-tp6ftadf8w

  • MD5

    8798c003342136f21a6072fbaed735fd

  • SHA1

    f98d07c31a80cbb95c1ce910260c503784c8decd

  • SHA256

    556e557fa19e6fb73aa86c853cb4028f624f063d7876fb3d4e1f852bd8feb6da

  • SHA512

    4cb9748519cf68d6c556e83988f85ed47dabf3b6fc48e11ca8cc4a48b93050c358372e54bc77479dd4b58f14d344863d68ce5b92db563bf423666746913616f3

  • SSDEEP

    6144:F8PDjxZuyhDf81zUuGutRJzSLipkxBQAqTzLVJRHesE:F2DayhD4zBGutfSepkxPqvJHhE

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://apacino-wire.ga/parkson/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8798c003342136f21a6072fbaed735fd_JaffaCakes118

    • Size

      367KB

    • MD5

      8798c003342136f21a6072fbaed735fd

    • SHA1

      f98d07c31a80cbb95c1ce910260c503784c8decd

    • SHA256

      556e557fa19e6fb73aa86c853cb4028f624f063d7876fb3d4e1f852bd8feb6da

    • SHA512

      4cb9748519cf68d6c556e83988f85ed47dabf3b6fc48e11ca8cc4a48b93050c358372e54bc77479dd4b58f14d344863d68ce5b92db563bf423666746913616f3

    • SSDEEP

      6144:F8PDjxZuyhDf81zUuGutRJzSLipkxBQAqTzLVJRHesE:F2DayhD4zBGutfSepkxPqvJHhE

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks