Overview

overview

10

Static

static

3

97b4a9daae...18.exe

windows7-x64

10

97b4a9daae...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    97b4a9daae17f222e74bf29cb17cb993_JaffaCakes118

  • Size

    238KB

  • Sample

    240605-k42xhacd86

  • MD5

    97b4a9daae17f222e74bf29cb17cb993

  • SHA1

    f54f977ef4caff7db6876111a2b910c3b0a3200c

  • SHA256

    68942496e531806f99429c1ab642461aa0e25d0046b9bb508d83c36fa72e6bf5

  • SHA512

    f05f2b4c4e783daa51d3e9370b659df6987af8034995e9dd1435d6c1912807fc6ec6c3029d4fe366941dc1a8c9a694ed3a7b3bee266d13e4cc8ef4d90c30736d

  • SSDEEP

    6144:nKpiZHDCvlpsreLv4u5WRFTf9d7LuMet2f0RF3V:nKpiZH+l4UWHfL7ad2f0RN

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://geranntibankasi.com/corp/nel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      97b4a9daae17f222e74bf29cb17cb993_JaffaCakes118

    • Size

      238KB

    • MD5

      97b4a9daae17f222e74bf29cb17cb993

    • SHA1

      f54f977ef4caff7db6876111a2b910c3b0a3200c

    • SHA256

      68942496e531806f99429c1ab642461aa0e25d0046b9bb508d83c36fa72e6bf5

    • SHA512

      f05f2b4c4e783daa51d3e9370b659df6987af8034995e9dd1435d6c1912807fc6ec6c3029d4fe366941dc1a8c9a694ed3a7b3bee266d13e4cc8ef4d90c30736d

    • SSDEEP

      6144:nKpiZHDCvlpsreLv4u5WRFTf9d7LuMet2f0RF3V:nKpiZH+l4UWHfL7ad2f0RN

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks