Overview

overview

10

Static

static

1

69cc954081...18.exe

windows7-x64

10

69cc954081...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69cc95408199878dc4d87b697932434c_JaffaCakes118

  • Size

    939KB

  • Sample

    240724-b7r22avakg

  • MD5

    69cc95408199878dc4d87b697932434c

  • SHA1

    fa1538caacb55c4bafd44687e81b847bddf85875

  • SHA256

    05fb9552b4433bf6a625995cf63b25a070a88be7ab579818f4719298ab5a74d1

  • SHA512

    4df790a9c6bcee9bd9a5a668db6f802a0b04abcd773197b44a52270076fbb0d0ae22465342be8b0f6fb3259dfdfd172eeb42ac780152f90b1808c8fb1d7b4a9e

  • SSDEEP

    384:XCOqVO2hqczovEsqGNCW/6W46pYLh8MPIwj+5/Xekh7ofLa04zdvQ3aSNq7hE9IR:XCOmYN+hQ

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://yachtservicegroup.cf/f2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      69cc95408199878dc4d87b697932434c_JaffaCakes118

    • Size

      939KB

    • MD5

      69cc95408199878dc4d87b697932434c

    • SHA1

      fa1538caacb55c4bafd44687e81b847bddf85875

    • SHA256

      05fb9552b4433bf6a625995cf63b25a070a88be7ab579818f4719298ab5a74d1

    • SHA512

      4df790a9c6bcee9bd9a5a668db6f802a0b04abcd773197b44a52270076fbb0d0ae22465342be8b0f6fb3259dfdfd172eeb42ac780152f90b1808c8fb1d7b4a9e

    • SSDEEP

      384:XCOqVO2hqczovEsqGNCW/6W46pYLh8MPIwj+5/Xekh7ofLa04zdvQ3aSNq7hE9IR:XCOmYN+hQ

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks