General

  • Target

    9055daadf3a0a7ba99c0cc5b21be6a3b_JaffaCakes118

  • Size

    468KB

  • Sample

    240603-djtxtsgh7v

  • MD5

    9055daadf3a0a7ba99c0cc5b21be6a3b

  • SHA1

    38a4b8845b6d371b13374d8fe922bbae177185de

  • SHA256

    5b462673db1b309dfaadd4b425a6d8a7acde7daa5fd59b6cde38aca5921cbc1f

  • SHA512

    bcc6408a1801291feb6ba2adf2790def2379d55f164a4c7a4ab626e41ce31f5042337b5e9c4259509e9b04b6d846cc490de08d4dd12c41953e221f15796894ee

  • SSDEEP

    6144:bO/pdbOr/CyUEUJo2s6NtZqR/ooJKQq26oJ5YQvPF1rvymywX:b0dGKzRJdsM7qR/oKKQf6axvPHrvymJ

Malware Config

Extracted

Family

lokibot

C2

https://via33.net.br/painel/domain/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      9055daadf3a0a7ba99c0cc5b21be6a3b_JaffaCakes118

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15