Overview

overview

10

Static

static

3

RYKAWEnpep6RbEt.exe

windows7-x64

10

RYKAWEnpep6RbEt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6334e22d48264175e362eba0f4de6812_JaffaCakes118

  • Size

    462KB

  • Sample

    240722-phay4sxblh

  • MD5

    6334e22d48264175e362eba0f4de6812

  • SHA1

    4ae50aea624f862aa9b9c7d28f77a95854917644

  • SHA256

    0adca1b076ec63f4af9857346b2dd8e986feb2e4e9790b3e4bbfe70495a3399d

  • SHA512

    58f1b3600eb37b370e9914e87b0a180154a9bc378941172a09911f34bbacd11523fa80f8dfacbfe5efad9e3a4252ef1f8183110dc9784409c32883067dce9940

  • SSDEEP

    12288:/uU87Xnsnlfr2S7BfyrYtyPgFpIc+BZ2Yj6rzz:AXsnlfr2SwYyoFpIFgYGrH

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://byorn.us/kaka/kaka1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      RYKAWEnpep6RbEt.exe

    • Size

      519KB

    • MD5

      9568c0d01e18776fe76cd6e8b269666d

    • SHA1

      8e0b1b887167f8522fb050659685471db1c56b7a

    • SHA256

      31d2d46288e99c3c702b3302bb061c0cab77612e7ff9e5488bbd1e9099760be1

    • SHA512

      8d80a7a4772094f0d681c9908c6bd1777afc7889db1d5a1373992203f1add4f50e8fafa0fe3b0437ca5fd985fccfc037cd1785337098d3a7140f91da859ef259

    • SSDEEP

      12288:aMmrEMRPt1beVXvUuT0BT86aPnIpRiuLvgJMj1xrOUwwk:u/PtkUqAH5LvgijXk

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks