Overview

overview

10

Static

static

5

8f7bc5d7d8...18.exe

windows7-x64

10

8f7bc5d7d8...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8f7bc5d7d8c840042b397a84c30f6658_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240812-t6v2eatfra

  • MD5

    8f7bc5d7d8c840042b397a84c30f6658

  • SHA1

    42fc7cd5406f3952080fdfd328e266e7d86a8ee7

  • SHA256

    46e45a1d56b4b1599bacd1239b79397f5400807767c000832e021d66d1f78b1d

  • SHA512

    65b56a5e5f6fc99adefdb1b419fad42705cfffef6b59fbe82e31f5d2b8159ee830362d4865272a2aaea0c337b5eb7cf8fa6e2568329be72a6b402cc306e424aa

  • SSDEEP

    24576:mAHnh+eWsN3skA4RV1Hom2KXSmdaViItudH77HGP5:Bh+ZkldoPKi2as3dXW

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://shopper.bulutlogistic.com/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8f7bc5d7d8c840042b397a84c30f6658_JaffaCakes118

    • Size

      1.1MB

    • MD5

      8f7bc5d7d8c840042b397a84c30f6658

    • SHA1

      42fc7cd5406f3952080fdfd328e266e7d86a8ee7

    • SHA256

      46e45a1d56b4b1599bacd1239b79397f5400807767c000832e021d66d1f78b1d

    • SHA512

      65b56a5e5f6fc99adefdb1b419fad42705cfffef6b59fbe82e31f5d2b8159ee830362d4865272a2aaea0c337b5eb7cf8fa6e2568329be72a6b402cc306e424aa

    • SSDEEP

      24576:mAHnh+eWsN3skA4RV1Hom2KXSmdaViItudH77HGP5:Bh+ZkldoPKi2as3dXW

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Drops startup file

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks