General

  • Target: d33e2e2f6695c4bf2040626639036e6e_JaffaCakes118

  • Size: 881KB

  • Sample: 240908-bx9t4azane

  • MD5: d33e2e2f6695c4bf2040626639036e6e

  • SHA1: 42dec117522d1d4ce734f8d446762b1d3ccffa61

  • SHA256: dec45acba1a78e5c118933abe9a18bae1c9941c96b2fb4326a933532e694c952

  • SHA512: ade524fb020f0f6d428ffba8a23d0e95cd5d74d8205f973a898ea6ec4eb299986709423997be93e5358332b3b56c3b340bff33ca04d9fa9d5a2982cc9bc4a8ab

  • SSDEEP: 12288:DRZsWUSatTjbhBoRJ3jJG6qIvvwVZmR+MH553:6Tt3bhBoRNlv8AR+MH55

Malware Config

Extracted

Family

lokibot

C2

http://142.11.210.173/2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
