General

  • Target

    6bedcbadfbf022044087051b507e5723_JaffaCakes118

  • Size

    193KB

  • Sample

    240730-be3m3avapa

  • MD5

    6bedcbadfbf022044087051b507e5723

  • SHA1

    4fd9ff69d651c3c9ef42a756512032d6ae9f288c

  • SHA256

    da3baccf846d83fcd3741356aae3c5e9bed59f6217a13a9c900e2a20330ac80e

  • SHA512

    e02b484222b9a721e8c8340874ae8b61a80d026138af3104327622b71e176d029a6a74e3502d20dd7c8d7f3124a6535f52be105ffe21b1a7d83bbb81907c91ed

  • SSDEEP

    6144:MBKqa8XGJBD07YgoIKO7encriGhTgw6T4w2sXPk0:+XkDoYgPd08TOTEx0

Malware Config

Extracted

Family

lokibot

C2

http://t-mk.me/ig2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      win32.exe

    • Size

      282KB

    • MD5

      49e57c841d29e789570d5636b8e03ed4

    • SHA1

      a4968b3380d724c04824de6943d7dbf86c59bf43

    • SHA256

      6952271ad4021a7b5b13b7a6a4375de48750e9f5dc1bbde69eb81c4c5b6bf550

    • SHA512

      d540622a31546b92a52f4b67ef301a96d30e88f8b37b16ec56ac773ca32fc9236f0621c0d3ab02851fbcb4455cecfda30bf15e4f85dd1a8ab35014bbf6efc4de

    • SSDEEP

      6144:1fc7SBG7i+n3HAApBz+HVlsKfencriGhdgw6B4w2sXac:KusPn3Vksp8dOBEW

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks