Overview

overview

10

Static

static

3

a255a692bd...18.exe

windows7-x64

10

a255a692bd...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a255a692bdcae3b876b7b8d7cfc1cd64_JaffaCakes118

  • Size

    403KB

  • Sample

    240817-ngjdeswbnl

  • MD5

    a255a692bdcae3b876b7b8d7cfc1cd64

  • SHA1

    3acaaec24bfb12a97207cb9d5f6a729261682f93

  • SHA256

    0b47269dbe8ac66c68ac012fe7ab77cd7acc60a4f8ec4318ac0be707171211ce

  • SHA512

    20220e3bc56593b1aa35dbd30b8df4e1c9910b53af86f0db31ddf46a1fc3558c8edf9c485fa5bfc15d27e0485d246daf549f5c785c564c265509d3e808419d16

  • SSDEEP

    6144:q45eUW6n/pZ3z7O/nzlLFo2/fVUQ0KZIBtJu9qC:qgUY/pZ30nzdFL/GBKZIPQR

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://checkvim.com/ga13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      a255a692bdcae3b876b7b8d7cfc1cd64_JaffaCakes118

    • Size

      403KB

    • MD5

      a255a692bdcae3b876b7b8d7cfc1cd64

    • SHA1

      3acaaec24bfb12a97207cb9d5f6a729261682f93

    • SHA256

      0b47269dbe8ac66c68ac012fe7ab77cd7acc60a4f8ec4318ac0be707171211ce

    • SHA512

      20220e3bc56593b1aa35dbd30b8df4e1c9910b53af86f0db31ddf46a1fc3558c8edf9c485fa5bfc15d27e0485d246daf549f5c785c564c265509d3e808419d16

    • SSDEEP

      6144:q45eUW6n/pZ3z7O/nzlLFo2/fVUQ0KZIBtJu9qC:qgUY/pZ30nzdFL/GBKZIPQR

    Score
    10/10
    lokibotcollectioncredential_accessspywarestealertrojandiscovery

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks