General

  • Target: 8895eec0d6f9c5bde4e5048824bdb693_JaffaCakes118
  • Size: 687KB
  • Sample: 240811-clafjazenj
  • MD5: 8895eec0d6f9c5bde4e5048824bdb693
  • SHA1: 916ac63e438fd1ffd6bde77fa7ee754a79d828ac
  • SHA256: a31bcf37accafafcde367f7519883a6a86b98b28fdd941aac3f78349fb0a66a8
  • SHA512: 23c9812d76f3231c474b388f46b25a559e527faa4147769dc5d5fd85064b9e45f1b615e09748133d91f0d681bda8f3dd8209996e303a3a959bb1984963e18c6b
  • SSDEEP: 12288:HcHZI1cGYYZ6QrsSeqVz4q03q1Wfmq4Omh7pnsVFaH3Y3/Y0iG:HV1cGYYZ6q1Oq033f54Oe9sXaHb0R

Malware Config

Extracted

Family: lokibot

C2:

http://95.174.65.246/pend/chan/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks