General

  • Target

    c653666d1e83163fa4173a09ef16a8bb_JaffaCakes118

  • Size

    729KB

  • Sample

    240828-gsqhjsxfkc

  • MD5

    c653666d1e83163fa4173a09ef16a8bb

  • SHA1

    32598e3d7f6c73cad52ac1ecd6771d4587fdfbc5

  • SHA256

    ba1fc31924f28c500e87979824415fbe4d2e08fde4591652c24734bcbc816fab

  • SHA512

    a497ed6110593a5d91bfe99f96018ec4220ebaea697b19c84cc839646562952b54e265d042682659041465a11242f372691f20a28a1788349474f19d9ecb330d

  • SSDEEP

    12288:UWNLJocWe3v4uG7aE0NLhJgV9fm0OXSeAkdjB2JfIz1WBtYvxnCVjyxYdbD+CNdY:/ocWoGmluVAxSULvJotYp0jyaUCOTMR8

Malware Config

Extracted

Family

lokibot

C2

http://spacemc.com/admin/iyk/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks