General

  • Target

    ced9f4dc5ab849d4187f379d3a9fc34d_JaffaCakes118

  • Size

    692KB

  • Sample

    240906-gw1gxszgkp

  • MD5

    ced9f4dc5ab849d4187f379d3a9fc34d

  • SHA1

    b2723d8f3d4a66f47685b5087f4292bf0ffceeb1

  • SHA256

    1b528464f98835adc2a55e54bd014d15b0aa63a80644deadf77a030b2e93e7dd

  • SHA512

    8cd3f40892f84149813d5d2fb45df74c90579e5ce76eeda8a00180faf81f9d7e99853d81789341dc7b44c1f3de76ead5af13908f4d064bf4dfc25eb92b3c0e39

  • SSDEEP

    12288:2myUrUcQ+TYNvOSOny5ud7npDL+ZU0BYs6Wbc:29Z+ENvOScoudNuZU0e

Malware Config

Extracted

Family

lokibot

C2

http://beancart.ru/ten/jays/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive profile data.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15