General

  • Target: 8b70f3d86655835f7049ab38c44d7c51_JaffaCakes118
  • Size: 964KB
  • Sample: 240601-xmzf9sbg8x
  • MD5: 8b70f3d86655835f7049ab38c44d7c51
  • SHA1: 936eb774499e15ff5fdc8dbb5ed0be0daf32e8a2
  • SHA256: ad817bd5a7508402452d84a552cfb44361889fe0e57bcbe41015f88c639bb78f
  • SHA512: 8810071bb87c7c3e5945011331a8707e1b3d4abde42f6fbf881323ed796de52a324dc29a1af500497dfa8868195aba912fa910c4ada2e06c57abb7b0fa237d3a
  • SSDEEP: 12288:fE/McR5BLmwCKODs/KcrE693vojvq46MjAfituvhE6+9e3jG+PkPgFPdWTxDwFnI:fE0c3BCTK059693vorbnAiuqr2

Malware Config

Extracted

  • Family: lokibot
  • C2:
      http://parkerhdd.com/wp-admin/network/five/fre.php
      http://kbfvzoboss.bid/alien/fre.php
      http://alphastand.trade/alien/fre.php
      http://alphastand.win/alien/fre.php
      http://alphastand.top/alien/fre.php

Targets

    • Lokibot: Lokibot is a password and cryptocurrency wallet stealer.
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses Microsoft Outlook profiles
    • Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks