Overview

overview

10

Static

static

3

d164e15381...18.exe

windows7-x64

10

d164e15381...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d164e15381cd47f2f3e58a1ac710dba6_JaffaCakes118

  • Size

    803KB

  • Sample

    240907-jbnczasbpm

  • MD5

    d164e15381cd47f2f3e58a1ac710dba6

  • SHA1

    efa2f41bc49fdb32e91f546d001f5df91ced8046

  • SHA256

    1a9ccfcf04de42d54702f36240ce9248f53e8dc28f61bf5354c27c597cd789e9

  • SHA512

    5ddd3af26ccb49fcc6fba5d3005010a138ed730b6438fa016cc8b01ed97fbebf844f8adbb65f6e648e931f33988ef9570206e6c80a57cd274cce09facc5fe0ef

  • SSDEEP

    12288:Gb6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hOoXs9Q/h9U3:3eSHhYRRxOVGcxJBdb1Goy

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://tkanilux.com.ua/z0/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d164e15381cd47f2f3e58a1ac710dba6_JaffaCakes118

    • Size

      803KB

    • MD5

      d164e15381cd47f2f3e58a1ac710dba6

    • SHA1

      efa2f41bc49fdb32e91f546d001f5df91ced8046

    • SHA256

      1a9ccfcf04de42d54702f36240ce9248f53e8dc28f61bf5354c27c597cd789e9

    • SHA512

      5ddd3af26ccb49fcc6fba5d3005010a138ed730b6438fa016cc8b01ed97fbebf844f8adbb65f6e648e931f33988ef9570206e6c80a57cd274cce09facc5fe0ef

    • SSDEEP

      12288:Gb6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hOoXs9Q/h9U3:3eSHhYRRxOVGcxJBdb1Goy

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks