Overview

overview

10

Static

static

3

8cf1c74955...18.exe

windows7-x64

10

8cf1c74955...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8cf1c74955a561ce883a703b1faff789_JaffaCakes118

  • Size

    189KB

  • Sample

    240602-fj9z6abg4w

  • MD5

    8cf1c74955a561ce883a703b1faff789

  • SHA1

    14ffa74eac88ab864f68973ab3c748c143f4f84e

  • SHA256

    63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29

  • SHA512

    af20b6c77507164009d48b78809b87f0b46e69cc3ca589966c10af45d43a5f17cfc10285365cbd27352ef9ab28cc07c1f449d1e469ac94e43d2641629263b54c

  • SSDEEP

    3072:5qnjRL/VNFWAgO0DNqHel1zgO2mvPLXM5tMow7cCA6zMl:WjDK4W1zcmHrWqfcWzM

Score
10/10
lokibotcollectionpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://lokipanelhostingpanel.gq/panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8cf1c74955a561ce883a703b1faff789_JaffaCakes118

    • Size

      189KB

    • MD5

      8cf1c74955a561ce883a703b1faff789

    • SHA1

      14ffa74eac88ab864f68973ab3c748c143f4f84e

    • SHA256

      63eca8a02459496ca30e77bd24c25e3fc7513a886f7f7cb5e2c6978ba5d75e29

    • SHA512

      af20b6c77507164009d48b78809b87f0b46e69cc3ca589966c10af45d43a5f17cfc10285365cbd27352ef9ab28cc07c1f449d1e469ac94e43d2641629263b54c

    • SSDEEP

      3072:5qnjRL/VNFWAgO0DNqHel1zgO2mvPLXM5tMow7cCA6zMl:WjDK4W1zcmHrWqfcWzM

    Score
    10/10
    lokibotcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Modifies WinLogon for persistence

      persistence

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks