Overview

overview

10

Static

static

3

8b590e4fff...18.exe

windows7-x64

10

8b590e4fff...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b590e4fff4a359ce64fb06c26ecce3b_JaffaCakes118

  • Size

    908KB

  • Sample

    240601-wzrfrabf23

  • MD5

    8b590e4fff4a359ce64fb06c26ecce3b

  • SHA1

    ae5ffc2c2544dd9a1012052f5f58a080886654f3

  • SHA256

    1ff7e9d153991071f612347c0f75ecc3b9aa2dd76038423e7195e175d8cc7d66

  • SHA512

    9dfed737e6989e499aa8f43a981507d056afd00456fd886dbf485ce244218c4047fd3ca25b52f5d266e7fb870092826bc22d38cb8b46fdaec6f28b6fac8ad556

  • SSDEEP

    24576:DPsI6ZUkHu65h1OJSy71+HPBD1Lby3T7h:paFO65h1ODELby3T

Score
10/10
lokibotzgratcollectionratspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://shopper.bulutlogistic.com/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8b590e4fff4a359ce64fb06c26ecce3b_JaffaCakes118

    • Size

      908KB

    • MD5

      8b590e4fff4a359ce64fb06c26ecce3b

    • SHA1

      ae5ffc2c2544dd9a1012052f5f58a080886654f3

    • SHA256

      1ff7e9d153991071f612347c0f75ecc3b9aa2dd76038423e7195e175d8cc7d66

    • SHA512

      9dfed737e6989e499aa8f43a981507d056afd00456fd886dbf485ce244218c4047fd3ca25b52f5d266e7fb870092826bc22d38cb8b46fdaec6f28b6fac8ad556

    • SSDEEP

      24576:DPsI6ZUkHu65h1OJSy71+HPBD1Lby3T7h:paFO65h1ODELby3T

    Score
    10/10
    lokibotzgratcollectionratspywarestealertrojan

    • Detect ZGRat V2

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Drops startup file

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks