lokibot | 524a6ad3419f2f18f609257b298bf1d6dd5bd01e7efe622bff75115cd92f59cf | Triage

Sharing

General

Target

c09616002f0469de779f1bae96ff6aa1_JaffaCakes118
Size

448KB
Sample

240825-m1yf1ssejj
MD5

c09616002f0469de779f1bae96ff6aa1
SHA1

cc40b98ff7bf6189c1b0ef50e6f51a5201562777
SHA256

524a6ad3419f2f18f609257b298bf1d6dd5bd01e7efe622bff75115cd92f59cf
SHA512

b1d628b0d119b1627b9bd8edade21a9eb515b483b488a4aafaf2f45d9fc6f3398113b8ce02f5320a8680e7996667b4c5d91d1a39772bfc592a3073cb405ac939
SSDEEP

12288:voJ0mTtfJRYNwPXK0dmt5nC4i/07WNWl:rwXK0dYnxi8SNWl

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://emas-store.com/wp-includes/js/tinymce/themes/inlite/main/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c09616002f0469de779f1bae96ff6aa1_JaffaCakes118
- Size
  
  448KB
- MD5
  
  c09616002f0469de779f1bae96ff6aa1
- SHA1
  
  cc40b98ff7bf6189c1b0ef50e6f51a5201562777
- SHA256
  
  524a6ad3419f2f18f609257b298bf1d6dd5bd01e7efe622bff75115cd92f59cf
- SHA512
  
  b1d628b0d119b1627b9bd8edade21a9eb515b483b488a4aafaf2f45d9fc6f3398113b8ce02f5320a8680e7996667b4c5d91d1a39772bfc592a3073cb405ac939
- SSDEEP
  
  12288:voJ0mTtfJRYNwPXK0dmt5nC4i/07WNWl:rwXK0dYnxi8SNWl
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2