Overview

overview

10

Static

static

3

abfd38c3de...18.exe

windows7-x64

10

abfd38c3de...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abfd38c3dec0cf8032d670c9ac9317bc_JaffaCakes118

  • Size

    665KB

  • Sample

    240614-3fqtfazhre

  • MD5

    abfd38c3dec0cf8032d670c9ac9317bc

  • SHA1

    eddc4812338bb8e1d2b45da8e60242224aa6eada

  • SHA256

    44fe4ae7b7e9ecf0bb52f39419f3cabc03c0c8fab4559175a4113f92fe208d4f

  • SHA512

    a352f49434760a5fcd9a9fa584a8b2d500f3a4ec95c7ea3358359fe54f72fa650b0c622ae88edd9a56f8e40ec367b3f767883f4c504f5436b7c48c9742fc0068

  • SSDEEP

    12288:AwJIJwJfaDdRGIIAB9OvX9fRftKtOZOakom7KQMTjoh:B6kfudH9OvNfXOakZ7K/g

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://publicspeaking.co.id/seun/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      abfd38c3dec0cf8032d670c9ac9317bc_JaffaCakes118

    • Size

      665KB

    • MD5

      abfd38c3dec0cf8032d670c9ac9317bc

    • SHA1

      eddc4812338bb8e1d2b45da8e60242224aa6eada

    • SHA256

      44fe4ae7b7e9ecf0bb52f39419f3cabc03c0c8fab4559175a4113f92fe208d4f

    • SHA512

      a352f49434760a5fcd9a9fa584a8b2d500f3a4ec95c7ea3358359fe54f72fa650b0c622ae88edd9a56f8e40ec367b3f767883f4c504f5436b7c48c9742fc0068

    • SSDEEP

      12288:AwJIJwJfaDdRGIIAB9OvX9fRftKtOZOakom7KQMTjoh:B6kfudH9OvNfXOakZ7K/g

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks