General
Target: 5473524383440f83d59b2eadc7495b61_JaffaCakes118
Size: 337KB
Sample: 240729-vm5beathkg
MD5: 5473524383440f83d59b2eadc7495b61
SHA1: dec4fdbd8139b74fe87af50e1033e23e0b64d61b
SHA256: 22e10e8d63c0b331535290111d6e1866d793701cb3bd45f4c28362059337c6b2
SHA512: 9c1c54d01595f2a899e2e0a6365da0dc38b578eb26345521f49f265edd8ba7cee75ce3ed354746d83d4e9da0ec03a911493343f243fa68b54dcb7b545db4a30c
SSDEEP: 6144:/ONbaQm3NuOHwvIhbVokh3QU/Hhdeopow:GVaQm3NuOGIhbV9gUPhsiow
Static task: static1
Behavioral task: behavioral1
Sample: 5473524383440f83d59b2eadc7495b61_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5473524383440f83d59b2eadc7495b61_JaffaCakes118.exe
Resource: win10v2004-20240729-en
Malware Config
Extracted
lokibot
http://pldtdsll.net/fishyoiu/fishtery77/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry: 1
Subvert Trust Controls: 1
Install Root Certificate: 1
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1