Overview

overview

10

Static

static

3

d783443ec9...18.exe

windows7-x64

10

d783443ec9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d783443ec9ad9fcad1c7b18dfc154798_JaffaCakes118

  • Size

    711KB

  • Sample

    240910-dwrcgawcqf

  • MD5

    d783443ec9ad9fcad1c7b18dfc154798

  • SHA1

    ed7d4973b834f9f215e070e264132efdc5c87b00

  • SHA256

    21c1d44a7fd3677910f3bfe102c73dd477f0e555d78442c7ba8da827d888dc28

  • SHA512

    e44cd79187b08deefd913c21737b53eebeb64c6d897d77ac75557b12d82a6b4201e964a210c5a4b4d52279d2ce72e12d9850a6a1c09e5b2214ca2df4f5f429a8

  • SSDEEP

    12288:StDpPDULMdI0GSMewuFxmFfNPWjM6amxjF1TqAcO1oL7L81J:S3PD27S8MmFFWMmv1+AcO1qwJ

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://edulinkr.com/ol/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d783443ec9ad9fcad1c7b18dfc154798_JaffaCakes118

    • Size

      711KB

    • MD5

      d783443ec9ad9fcad1c7b18dfc154798

    • SHA1

      ed7d4973b834f9f215e070e264132efdc5c87b00

    • SHA256

      21c1d44a7fd3677910f3bfe102c73dd477f0e555d78442c7ba8da827d888dc28

    • SHA512

      e44cd79187b08deefd913c21737b53eebeb64c6d897d77ac75557b12d82a6b4201e964a210c5a4b4d52279d2ce72e12d9850a6a1c09e5b2214ca2df4f5f429a8

    • SSDEEP

      12288:StDpPDULMdI0GSMewuFxmFfNPWjM6amxjF1TqAcO1oL7L81J:S3PD27S8MmFFWMmv1+AcO1qwJ

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks