Overview

overview

10

Static

static

3

ac1be5665f...18.exe

windows7-x64

10

ac1be5665f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac1be5665f9223585bab509dd2a29024_JaffaCakes118

  • Size

    460KB

  • Sample

    240819-w7ef6azaqf

  • MD5

    ac1be5665f9223585bab509dd2a29024

  • SHA1

    9c0e5d2fb5df4c3293820d1adf34af826e06ddbb

  • SHA256

    54c245754199a247295269c0ae62e739e49744089b6102ab117bb3d6716bcee4

  • SHA512

    6db780aa72eec330f984e48266e477563e27693c77abe21e889a357ae180984d38d83f6c171f3de3992640ea6bb87525ae8403001c8f46a4e46f82f9bc646c01

  • SSDEEP

    6144:OvQ+3HwObH94J2+vzSxNUN8yy6NLeigmwJL0X0YDir/7yRrJhXK8DAi15TIw:OIobL+7Sx08yy6PwJA0/fy9NDN8w

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://frinqy.gq/apps/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ac1be5665f9223585bab509dd2a29024_JaffaCakes118

    • Size

      460KB

    • MD5

      ac1be5665f9223585bab509dd2a29024

    • SHA1

      9c0e5d2fb5df4c3293820d1adf34af826e06ddbb

    • SHA256

      54c245754199a247295269c0ae62e739e49744089b6102ab117bb3d6716bcee4

    • SHA512

      6db780aa72eec330f984e48266e477563e27693c77abe21e889a357ae180984d38d83f6c171f3de3992640ea6bb87525ae8403001c8f46a4e46f82f9bc646c01

    • SSDEEP

      6144:OvQ+3HwObH94J2+vzSxNUN8yy6NLeigmwJL0X0YDir/7yRrJhXK8DAi15TIw:OIobL+7Sx08yy6PwJA0/fy9NDN8w

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks