General

  • Target

    9bb95042a017e92103c34f358c19320a_JaffaCakes118

  • Size

    344KB

  • Sample

    240610-x1k6ssxdka

  • MD5

    9bb95042a017e92103c34f358c19320a

  • SHA1

    61606b03fb9777145da257d982a65eba60d0b7cd

  • SHA256

    01ba9bd818a251204f2d68543cf8ba4b5a0005397c89a873e30edd24c4ceb85c

  • SHA512

    435bad0f9ac04a1ef5db19b786c4b480a8054ab129e7e019b980d141a96755ccd120f476f8cfa3087b7ab6558567072123f802d568390aa1b96b136da7d07137

  • SSDEEP

    6144:lUn2IyDxNZXzvEoedIjsTB2kLVsEQL9/YfmLQNBAoU3tXkxJVkYgjMDqM8wpdb:l62Ie5EHd5B2MVsXL9/YfNaXuVzDqxwD

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://79.124.8.8/plesk-site-preview/chongelctricals.com/http/79.124.8.8/adamsn/Panel/fre.php

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      SIAM-QUOTATION.exe

    • Size

      591KB

    • MD5

      a8b84bcbbb2a7dbc7f1e7f8d6bb4ac7b

    • SHA1

      82a1c7efa58812bbbbf09ac4138489ae2a208e61

    • SHA256

      53258d5a784117d739165d30e3897102aebb2496fb781294254dded4de8029ee

    • SHA512

      b2f7e2cc69646ed1f57fe8faf85ff04e6f0c6d2c0997e621255194d6b40c56136004ede78196b50dde0de88ccf654aab98e54decc7950c3cc84cb82a5ae086d1

    • SSDEEP

      12288:RsUML1/s5tVs5NApy6EUowkbTsTaBy0AgW:KzLimARZsTsamx

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
