General

  • Target

    35a1a922c2795e00bb11f965b82417bf_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240710-vpmt5szbjj

  • MD5

    35a1a922c2795e00bb11f965b82417bf

  • SHA1

    c74fb2cbda612c79f9904213f77e67d3983357e0

  • SHA256

    3e32346bf488924f661137378e6033d8197807505dbc55169cf4164ffc6bacaf

  • SHA512

    6cb6f69f7abfa21ea838df4f2a8a8b04ed05e71ece3a9f711698a09c3c55507e938de8164bbdf5d690d18c3ee650069b883e08134b4636a675902d2d34f0d969

  • SSDEEP

    24576:q8TXmXIVKm/aNQQbGptpnBWEGByp5jN7Nf+X7dERn:9qcKJ2kknBWEGByp5jP+ZEB

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/dklX59XNxRkB6

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      factura comercial BL y lista de empaque.PDF.bat

    • Size

      1.3MB

    • MD5

      0a5bc1c3e2426c5fcf8341d200071338

    • SHA1

      2fcf867d1692ebec63d0010c473bb0b8ff03766d

    • SHA256

      e8c78ef2a5175d847691667ee06e4efc258139d99fdc55d402d0c1295cd7ba9c

    • SHA512

      936dd7456e94591772f9a9299d9a42428c5140c376c4f18c77e8f794867f2116eee6f4c8a53b584794a0b8186443b5f42945531eb1127c5bd1bdaef660ae4355

    • SSDEEP

      24576:y8TXmXIVKm/aNQQbGptpnBWEGByp5jN7Nf+X7dERn:VqcKJ2kknBWEGByp5jP+ZEB

    • Lokibot

      Lokibot is a password and cryptocurrency-wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profiles stored under the user's registry hive can hold saved mail account credentials, a standard infostealer target.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended thread of another process is characteristic of process hollowing, in which the payload is written over a legitimate process image and its entry point redirected before the thread is resumed.
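
Detection logic for the indicators in this report, added here as an example and not part of the sandbox output. The hashes, C2 URLs and dropper filename are copied from the report; the proxy log lines are constructed, and the Squid native log format, the document/executable extension lists, and the `/fre.php` check-in heuristic (generalised from the four `/alien/fre.php` C2 URLs above) are assumptions.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
C2_URLS = (
    "http://51.195.53.221/p.php/dklX59XNxRkB6",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
)
SHA256_TO_NAME = {
    "3e32346bf488924f661137378e6033d8197807505dbc55169cf4164ffc6bacaf":
        "35a1a922c2795e00bb11f965b82417bf_JaffaCakes118",
    "e8c78ef2a5175d847691667ee06e4efc258139d99fdc55d402d0c1295cd7ba9c":
        "factura comercial BL y lista de empaque.PDF.bat",
}

# Assumed lists: extensions a recipient reads as "document" vs. ones Windows will execute.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXECUTABLE_EXTS = {"bat", "cmd", "exe", "scr", "js", "vbs", "ps1", "lnk", "hta", "com", "pif"}

# Assumed Squid native access.log layout: time elapsed client result/status bytes method url ...
SQUID_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<result>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)"
)

# Constructed sample log: one exact C2 URL, one benign request, one request to a
# C2 host on a different path, and one unknown host using the fre.php check-in path.
SAMPLE_LOG = """\
1720627000.123     45 10.0.0.14 TCP_MISS/200 512 POST http://kbfvzoboss.bid/alien/fre.php - HIER_DIRECT/203.0.113.9 text/html
1720627001.555     12 10.0.0.14 TCP_MISS/200 311 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1720627002.900     30 10.0.0.27 TCP_MISS/404 220 GET http://alphastand.top/ - HIER_DIRECT/198.51.100.5 text/html
1720627003.010     20 10.0.0.31 TCP_MISS/200 198 POST http://cdn.example.net/alien/fre.php - HIER_DIRECT/198.51.100.7 text/html
""".splitlines()


def c2_hosts(urls=C2_URLS):
    """Hostnames and IPs from the extracted config, for DNS/firewall blocklists."""
    return {urlparse(u).hostname for u in urls}


def match_sha256(digest):
    """Return the report filename for a known SHA-256, or None (for EDR hash lookups)."""
    return SHA256_TO_NAME.get(digest.lower())


def is_double_extension_lure(filename):
    """True for names like 'x.PDF.bat', where a document extension hides the executable one."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    inner, outer = parts[1], parts[2]
    return inner in DOCUMENT_EXTS and outer in EXECUTABLE_EXTS


def classify_url(url):
    """Strongest matching verdict for a requested URL, or None if it is not of interest."""
    parsed = urlparse(url)
    if url in C2_URLS:
        return "exact_c2_url"
    if parsed.hostname in c2_hosts():
        return "c2_host"
    # Hunt-grade heuristic: four of the five C2s above share the /fre.php check-in endpoint.
    if parsed.scheme == "http" and parsed.path.endswith("/fre.php"):
        return "lokibot_checkin_path"
    return None


def scan_proxy_log(lines):
    """Parse Squid-format lines and return every request that matches the config."""
    hits = []
    for line in lines:
        m = SQUID_RE.match(line)
        if not m:
            continue
        verdict = classify_url(m["url"])
        if verdict:
            hits.append({"client": m["client"], "method": m["method"],
                         "url": m["url"], "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f'{hit["client"]:<12} {hit["verdict"]:<22} {hit["method"]} {hit["url"]}')
```

The exact-URL and host matches are block-grade; the path heuristic is only a hunting lead, since the operator can change the script name between campaigns and the C2 IP and domains in this config will age out.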

MITRE ATT&CK Enterprise v15

Tasks