lokibot | 83fca7e46ea7973d4061a6350db64621cbef694f9269a9298238a364e00ef007

General

Target

ebed63d82235b2c0803a6fc8798eb2cb_JaffaCakes118
Size

4.3MB
Sample

240919-wyarlssgpd
MD5

ebed63d82235b2c0803a6fc8798eb2cb
SHA1

906be8d0b63b388e9270e221a35f50346df8ff9d
SHA256

83fca7e46ea7973d4061a6350db64621cbef694f9269a9298238a364e00ef007
SHA512

b8b12380d05520a0b60a3937735b981b506de24c878e428f905a1421eae081f8424352be4cb22b972ab3dafd9f9e49736188b9ba756b2520ce33c3516bc9f770
SSDEEP

98304:O8j/FsN/qL7aWA6m8jwA12Hy/6Vo5CkL7:OI/FG/qvaL6HF/6el7

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://www.hornelink.cn/new/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ebed63d82235b2c0803a6fc8798eb2cb_JaffaCakes118
- Size
  
  4.3MB
- MD5
  
  ebed63d82235b2c0803a6fc8798eb2cb
- SHA1
  
  906be8d0b63b388e9270e221a35f50346df8ff9d
- SHA256
  
  83fca7e46ea7973d4061a6350db64621cbef694f9269a9298238a364e00ef007
- SHA512
  
  b8b12380d05520a0b60a3937735b981b506de24c878e428f905a1421eae081f8424352be4cb22b972ab3dafd9f9e49736188b9ba756b2520ce33c3516bc9f770
- SSDEEP
  
  98304:O8j/FsN/qL7aWA6m8jwA12Hy/6Vo5CkL7:OI/FG/qvaL6HF/6el7
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2