Overview

overview

10

Static

static

10

a63022c5f7...18.exe

windows7-x64

10

a63022c5f7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a63022c5f723b5b33ff9c9037e8396db_JaffaCakes118

  • Size

    104KB

  • Sample

    240613-skfh6ayanj

  • MD5

    a63022c5f723b5b33ff9c9037e8396db

  • SHA1

    3d89427ca842b8259fdaab1fdb9ef9664ab7acc9

  • SHA256

    9db33a5e2907d5f7d2a1a6ef39234991bc32ec8ede92a7dc66679ff1b7c87e4a

  • SHA512

    edd9b8afe1871cb978f05e9de5bb0631946f8027b634f33032bd0a111f92627eb9a3415df1eab87b577e4285be693af3d54a5e7f9db8c4eb3249774f377666f6

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://jasleenoverseas.tech/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      a63022c5f723b5b33ff9c9037e8396db_JaffaCakes118

    • Size

      104KB

    • MD5

      a63022c5f723b5b33ff9c9037e8396db

    • SHA1

      3d89427ca842b8259fdaab1fdb9ef9664ab7acc9

    • SHA256

      9db33a5e2907d5f7d2a1a6ef39234991bc32ec8ede92a7dc66679ff1b7c87e4a

    • SHA512

      edd9b8afe1871cb978f05e9de5bb0631946f8027b634f33032bd0a111f92627eb9a3415df1eab87b577e4285be693af3d54a5e7f9db8c4eb3249774f377666f6

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks