General

  • Target

    b6c69fd0d1e981e24033f1996c6c2b47_JaffaCakes118

  • Size

    44KB

  • Sample

    240617-e6wklsydmn

  • MD5

    b6c69fd0d1e981e24033f1996c6c2b47

  • SHA1

    9e906d668ff2a5d5cab0d406b12ce36984b8a068

  • SHA256

    6003e5600560078b16a3e6968d19583927dafcb6c61fd465267444192401093d

  • SHA512

    08980394079f94547cbf3b50ef97b2d9a5e2bf549964e386270d8bd6dcddf485e4919ee6ef9ef97941734ba1765a8e30b267216de3a52efe4f8b021e856280b1

  • SSDEEP

    768:yVYyyaN2wbTNNKRPeP+fvfOwg4hJoqTkb2ijK6ntpRtOmrNHSOwRMgXGDnDcz15U:4yaN2wbqRG+fOwr2YwK6njTrhSIbDy1S

Malware Config

Extracted

Family

lokibot

C2

http://educationhip.us/msword/poly/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SBU-KM0317112410070.exe

    • Size

      104KB

    • MD5

      61ba9ced091c877d9082fb21e86a704d

    • SHA1

      39c7b302bc8e72bcdf65c1b222a059ec9a9ecac8

    • SHA256

      44b50889fb84e4c802ece5d395ce5f6b6b9bab428a7558578a8b6efdfbb7feac

    • SHA512

      3500fd226fd9898e3604c0de587398240f0ca7dd7e7e4f3c5a0f2009cc4d77d7183c18e2bb837325f0509651f60d56de09aac1e0da2b71659350eca5b9aab766

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks
