Overview

overview

10

Static

static

3

b2f4dafb10...18.exe

windows7-x64

10

b2f4dafb10...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b2f4dafb1024784999cd041a262fd6f4_JaffaCakes118

  • Size

    567KB

  • Sample

    240616-l7szfazaka

  • MD5

    b2f4dafb1024784999cd041a262fd6f4

  • SHA1

    736d5488d65b99ccf9f3de576910dc275f166818

  • SHA256

    71455e610f8b5005a92e6e4eb80f17d0a23d166a58c1285dbf3ccd23ae22e071

  • SHA512

    3bc851771a8889781e5b825c285e5e95421a913a0531f44eaa147f79d1509f3415191e647e89f0803cc1a9f45754cec7c11b413cf0ccb1344b67070aef3e4696

  • SSDEEP

    6144:7M7+1KxQDEMbJHdXoKbUvn+bTlLoetAkBJKjjJUVwqnHQg+129HB1UsYbFoK1xsF:7MK18MT4KTlkSv89kwMK29HBBF

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://fortindo-fsm.com/heloo/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      b2f4dafb1024784999cd041a262fd6f4_JaffaCakes118

    • Size

      567KB

    • MD5

      b2f4dafb1024784999cd041a262fd6f4

    • SHA1

      736d5488d65b99ccf9f3de576910dc275f166818

    • SHA256

      71455e610f8b5005a92e6e4eb80f17d0a23d166a58c1285dbf3ccd23ae22e071

    • SHA512

      3bc851771a8889781e5b825c285e5e95421a913a0531f44eaa147f79d1509f3415191e647e89f0803cc1a9f45754cec7c11b413cf0ccb1344b67070aef3e4696

    • SSDEEP

      6144:7M7+1KxQDEMbJHdXoKbUvn+bTlLoetAkBJKjjJUVwqnHQg+129HB1UsYbFoK1xsF:7MK18MT4KTlkSv89kwMK29HBBF

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks