Overview

overview

10

Static

static

3

8dcfd176a1...18.exe

windows7-x64

10

8dcfd176a1...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8dcfd176a17a3f3402451944ab0f8c48_JaffaCakes118

  • Size

    307KB

  • Sample

    240812-h3xv2svelh

  • MD5

    8dcfd176a17a3f3402451944ab0f8c48

  • SHA1

    b89187db3d3a867bd0e20e0e8afb9c35508c4532

  • SHA256

    63cc0b6da012d69405a7922bbf010f0eb4f5fc7f2f4bd8dc1a969d7643b0e286

  • SHA512

    41a926c8e60a96fbe0591d4cb811ce443ddfdbdaa36c4e9a2409142b6f9b07e2278a16b80f82bf6ff68a96146d8ad8c37fa80f776e6301e1103a6cd1d3ba8544

  • SSDEEP

    3072:jEJGSDMpJl5xWbOZakn9iW18rxIymTyJs6l1mjhv02r2R1Gk:xSDMpra6H9iWsxIHWZ1mFI

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/78RKmWHVN5cGG

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8dcfd176a17a3f3402451944ab0f8c48_JaffaCakes118

    • Size

      307KB

    • MD5

      8dcfd176a17a3f3402451944ab0f8c48

    • SHA1

      b89187db3d3a867bd0e20e0e8afb9c35508c4532

    • SHA256

      63cc0b6da012d69405a7922bbf010f0eb4f5fc7f2f4bd8dc1a969d7643b0e286

    • SHA512

      41a926c8e60a96fbe0591d4cb811ce443ddfdbdaa36c4e9a2409142b6f9b07e2278a16b80f82bf6ff68a96146d8ad8c37fa80f776e6301e1103a6cd1d3ba8544

    • SSDEEP

      3072:jEJGSDMpJl5xWbOZakn9iW18rxIymTyJs6l1mjhv02r2R1Gk:xSDMpra6H9iWsxIHWZ1mFI

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks