Overview

overview

10

Static

static

3

9e860f66b9...18.exe

windows7-x64

10

9e860f66b9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e860f66b980168829ab013924b0df6e_JaffaCakes118

  • Size

    332KB

  • Sample

    240611-rxcglazgpc

  • MD5

    9e860f66b980168829ab013924b0df6e

  • SHA1

    c4bb460d490634155ae089641dd048d4bbfde15f

  • SHA256

    699af86e7899b90b59a24daae57f0fa860bda79c0256e539847ffaf33589b7d7

  • SHA512

    034c78512912aa6ab0ad6cae9d1df22ad5de55f7353bbb8d809cf3afe4a2083d0f6d38c237e5a4d5d0b4d241f6ee08ead2d2a555d7309685a54cad8b9c39dbe6

  • SSDEEP

    6144:sfpuJGCZ9nVJb3EsWDlgfej/zEGOHb6+a:/JB9VJbFsIE

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://ipqbook.com/glory/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      9e860f66b980168829ab013924b0df6e_JaffaCakes118

    • Size

      332KB

    • MD5

      9e860f66b980168829ab013924b0df6e

    • SHA1

      c4bb460d490634155ae089641dd048d4bbfde15f

    • SHA256

      699af86e7899b90b59a24daae57f0fa860bda79c0256e539847ffaf33589b7d7

    • SHA512

      034c78512912aa6ab0ad6cae9d1df22ad5de55f7353bbb8d809cf3afe4a2083d0f6d38c237e5a4d5d0b4d241f6ee08ead2d2a555d7309685a54cad8b9c39dbe6

    • SSDEEP

      6144:sfpuJGCZ9nVJb3EsWDlgfej/zEGOHb6+a:/JB9VJbFsIE

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks