Overview

overview

10

Static

static

3

d7c579d650...18.exe

windows7-x64

10

d7c579d650...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d7c579d650a333141109e3d68a5b340d_JaffaCakes118

  • Size

    408KB

  • Sample

    240910-h2fkdatajg

  • MD5

    d7c579d650a333141109e3d68a5b340d

  • SHA1

    707585b88365f8ab7979189039de1d4d895305f5

  • SHA256

    fdf39072431895a952df728972e57657f2a3774c5db7ac41235a32b98847eced

  • SHA512

    afe932d128e6567904d3dde9485cf8da109e02b8fad6241358f90fd9c5081da29a71495d17c3c31f12357a53a730adae90f804b2670a8b1870f9a1236229ab10

  • SSDEEP

    6144:iqblMNjjal406GLWT944U3Em3ffFPoeZV3JjCvm:iQ+Fjg76GLM490Wff9

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://vicesstudios.ru/frank/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d7c579d650a333141109e3d68a5b340d_JaffaCakes118

    • Size

      408KB

    • MD5

      d7c579d650a333141109e3d68a5b340d

    • SHA1

      707585b88365f8ab7979189039de1d4d895305f5

    • SHA256

      fdf39072431895a952df728972e57657f2a3774c5db7ac41235a32b98847eced

    • SHA512

      afe932d128e6567904d3dde9485cf8da109e02b8fad6241358f90fd9c5081da29a71495d17c3c31f12357a53a730adae90f804b2670a8b1870f9a1236229ab10

    • SSDEEP

      6144:iqblMNjjal406GLWT944U3Em3ffFPoeZV3JjCvm:iQ+Fjg76GLM490Wff9

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks