Overview

overview

10

Static

static

3

b7119b83d2...18.exe

windows7-x64

10

b7119b83d2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b7119b83d24c8db017ec939698f01fa8_JaffaCakes118

  • Size

    921KB

  • Sample

    240822-k2j9ns1gpq

  • MD5

    b7119b83d24c8db017ec939698f01fa8

  • SHA1

    ee9bcc97c5f0244fe2ecbc6291deb6d1cc559136

  • SHA256

    9c5f9876b30ee9e81d5dbd88ca98ce817b0629beed1c37f702b5652acb4ec4b1

  • SHA512

    ff4c064c16d76a082a88f75125dcdbde47fc1f56bcdb3f2a76cb493a6dd547f3e26b7659dcfaa884949ec6c926f5085a8e8c8b9e2297b28d6d7c274460d5288f

  • SSDEEP

    12288:ZfmQpbrj6jRPLjRPqjBjjyjBjBjBjBjLjnYmasE6R/8EtrPPCmBXmExSdph5Q:8A/9Kqmhx0ph5

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://ogidoil.us/dumbo/dumbo2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      b7119b83d24c8db017ec939698f01fa8_JaffaCakes118

    • Size

      921KB

    • MD5

      b7119b83d24c8db017ec939698f01fa8

    • SHA1

      ee9bcc97c5f0244fe2ecbc6291deb6d1cc559136

    • SHA256

      9c5f9876b30ee9e81d5dbd88ca98ce817b0629beed1c37f702b5652acb4ec4b1

    • SHA512

      ff4c064c16d76a082a88f75125dcdbde47fc1f56bcdb3f2a76cb493a6dd547f3e26b7659dcfaa884949ec6c926f5085a8e8c8b9e2297b28d6d7c274460d5288f

    • SSDEEP

      12288:ZfmQpbrj6jRPLjRPqjBjjyjBjBjBjBjLjnYmasE6R/8EtrPPCmBXmExSdph5Q:8A/9Kqmhx0ph5

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks