Overview

overview

10

Static

static

3

a1d5895f85...18.exe

windows7-x64

10

a1d5895f85...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1d5895f85751dfe67d19cccb51b051a_JaffaCakes118

  • Size

    269KB

  • Sample

    240817-kb7x2swend

  • MD5

    a1d5895f85751dfe67d19cccb51b051a

  • SHA1

    9288fb8e96d419586fc8c595dd95353d48e8a060

  • SHA256

    17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd

  • SHA512

    a8f8a709882b77d90f188d172358356f42e2d5d2644bf45ab2b4c446cea8cbbc41e9203e854a9e6863aba23a14ba153fbbf9dc801a766221251d309214dad8de

  • SSDEEP

    3072:vOAZ69/F3xyBPn6UhTBNK8UbCk155CqC/S0KHBq0crpGR4+y92fTX6JNsJoPy:vOJ/FhgJhd9fk1PC/lbrpGR09e6JNsk

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://coffeinoffice.xyz/cup/wish.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      a1d5895f85751dfe67d19cccb51b051a_JaffaCakes118

    • Size

      269KB

    • MD5

      a1d5895f85751dfe67d19cccb51b051a

    • SHA1

      9288fb8e96d419586fc8c595dd95353d48e8a060

    • SHA256

      17dacedb6f0379a65160d73c0ae3aa1f03465ae75cb6ae754c7dcb3017af1fbd

    • SHA512

      a8f8a709882b77d90f188d172358356f42e2d5d2644bf45ab2b4c446cea8cbbc41e9203e854a9e6863aba23a14ba153fbbf9dc801a766221251d309214dad8de

    • SSDEEP

      3072:vOAZ69/F3xyBPn6UhTBNK8UbCk155CqC/S0KHBq0crpGR4+y92fTX6JNsJoPy:vOJ/FhgJhd9fk1PC/lbrpGR09e6JNsk

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks