Overview

overview

10

Static

static

3

d4927d53f2...18.exe

windows7-x64

10

d4927d53f2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d4927d53f24b7662242b5580fa9b515f_JaffaCakes118

  • Size

    991KB

  • Sample

    240908-rvse2a1crj

  • MD5

    d4927d53f24b7662242b5580fa9b515f

  • SHA1

    b6eb040fb35991f2d04530221ac8215eb9a793c7

  • SHA256

    1bf4d7f47b805a36c9a44871708d3dff62aa1385b22ab199f0b08ac537343e1f

  • SHA512

    6ef54394a1cf5138f0e9155c1a275d6e25683cd16df67a9d6c11aced1cd2a701ce8cad54bad24cdf61f051e19d8cba4f5164fba6ac69251dbe70b4987969465f

  • SSDEEP

    12288:TL6AWfsIkE2oMbKAn6wRt+50pt78pUC8an8pUC8aOIws2Xo9UTYnBU4wXgoe+mvV:XL22oMbKK3Z8N8sIRYWUTYn2XbpP5Ar

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://azmtool.us/kali/kali/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d4927d53f24b7662242b5580fa9b515f_JaffaCakes118

    • Size

      991KB

    • MD5

      d4927d53f24b7662242b5580fa9b515f

    • SHA1

      b6eb040fb35991f2d04530221ac8215eb9a793c7

    • SHA256

      1bf4d7f47b805a36c9a44871708d3dff62aa1385b22ab199f0b08ac537343e1f

    • SHA512

      6ef54394a1cf5138f0e9155c1a275d6e25683cd16df67a9d6c11aced1cd2a701ce8cad54bad24cdf61f051e19d8cba4f5164fba6ac69251dbe70b4987969465f

    • SSDEEP

      12288:TL6AWfsIkE2oMbKAn6wRt+50pt78pUC8an8pUC8aOIws2Xo9UTYnBU4wXgoe+mvV:XL22oMbKK3Z8N8sIRYWUTYn2XbpP5Ar

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks