Overview

overview

10

Static

static

3

2271848f7a...18.exe

windows7-x64

10

2271848f7a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2271848f7ac6051ae3846d7b017183bb_JaffaCakes118

  • Size

    761KB

  • Sample

    240728-zdvg3atanl

  • MD5

    2271848f7ac6051ae3846d7b017183bb

  • SHA1

    4fd1f6a627db22b6609917e64be9f53f90225108

  • SHA256

    ad764059a603e82018e8716c62e972b42771bf5116f0279bee89e967ce287477

  • SHA512

    ab7c616131564c73362a7fd8f87ec17491950a0578b4d2dffeb2f4d0919d6afb4c1b6cd36c622c77089a505333b5dd28d659e3c502e84ab62ddf4d13e042f9ae

  • SSDEEP

    12288:zyBJuj3oZiJWzsVn/b67C4hYFvaNXYFl/ZijHU1aSa6pIGGX8qZyTNOGN/P5d+6+:zyB4j3WwLnGjh8vKoFpZiQPFqqOE46+

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://hfktichen.com/kaka/kaka4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2271848f7ac6051ae3846d7b017183bb_JaffaCakes118

    • Size

      761KB

    • MD5

      2271848f7ac6051ae3846d7b017183bb

    • SHA1

      4fd1f6a627db22b6609917e64be9f53f90225108

    • SHA256

      ad764059a603e82018e8716c62e972b42771bf5116f0279bee89e967ce287477

    • SHA512

      ab7c616131564c73362a7fd8f87ec17491950a0578b4d2dffeb2f4d0919d6afb4c1b6cd36c622c77089a505333b5dd28d659e3c502e84ab62ddf4d13e042f9ae

    • SSDEEP

      12288:zyBJuj3oZiJWzsVn/b67C4hYFvaNXYFl/ZijHU1aSa6pIGGX8qZyTNOGN/P5d+6+:zyB4j3WwLnGjh8vKoFpZiQPFqqOE46+

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks