Overview

overview

10

Static

static

10

lo2.exe

windows7-x64

10

lo2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d87dfbc745d3d9104eaf720fe2d67ed3_JaffaCakes118

  • Size

    44KB

  • Sample

    240910-sxcb9ssbjh

  • MD5

    d87dfbc745d3d9104eaf720fe2d67ed3

  • SHA1

    fa564b2fb543a76e8823f0a85aeda1f5d4b9d8e9

  • SHA256

    3a44ab536daa9386cbd21eb8a4c356b658f1c1b02cd36cc2e753097665b8eab0

  • SHA512

    371172e5dbcf098593c29ca2dc951c8dcc7532b46e4659d37c33e0928a9be6c2b40adb2b91dd963befc0e1d1fe63175aca3391e4567ba96806f63a768c4be62f

  • SSDEEP

    768:aXb8rT4+jsYU6LvPSdz3QDYAvLaAcvBcIJDDzZYqNxB4oNkzL:ar8/Ds36Lc3QA5ZcDqHB4oNkzL

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://mypanel-update.ml/logi/lo2/PvqDq929BSx_A_D_M1n_a.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      lo2.exe

    • Size

      104KB

    • MD5

      6097232bc136d0af5321b7be782ade5d

    • SHA1

      ee0d91f551a271fd60f80188893ef31420889a4b

    • SHA256

      86ec4738c2625220a6f87caac14b315743de7058e971e6338230b1a64996e675

    • SHA512

      90ddec04cbca60decfd07f3e8abc71eee020aef1de38d05a86ca0793a4d374a04bfebf7afc06a0f718a85125dd371435c8f38c2cdb7138cb173595552bc4fe18

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectioncredential_accessspywarestealertrojandiscovery

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks