lokibot | 397bbbbbcf5c97a5c9ce31ae4f13a485457f4391cb2c5a827ae614c17555b18e | Triage

Sharing

General

Target

ef949568805205d59956f6f00dfef2a8_JaffaCakes118
Size

228KB
Sample

240921-mcbbksxbmf
MD5

ef949568805205d59956f6f00dfef2a8
SHA1

927a976e4cff2a920d69d405846c51a22be0d57b
SHA256

397bbbbbcf5c97a5c9ce31ae4f13a485457f4391cb2c5a827ae614c17555b18e
SHA512

143642266a3b249a56317ad26f681324e303ab9bdaf032a3e4e682c879279dbe34ddf6b0dec9d111d674372a09ffb63d7941cb44f440d62924534e2ae6f16b30
SSDEEP

6144:NaCJya3zHD3pglzwTevRCcd6bUfFdXThU:NaCJy+z9glzq3wPXK

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://blinkdawn.com/tools/swift/blends/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ef949568805205d59956f6f00dfef2a8_JaffaCakes118
- Size
  
  228KB
- MD5
  
  ef949568805205d59956f6f00dfef2a8
- SHA1
  
  927a976e4cff2a920d69d405846c51a22be0d57b
- SHA256
  
  397bbbbbcf5c97a5c9ce31ae4f13a485457f4391cb2c5a827ae614c17555b18e
- SHA512
  
  143642266a3b249a56317ad26f681324e303ab9bdaf032a3e4e682c879279dbe34ddf6b0dec9d111d674372a09ffb63d7941cb44f440d62924534e2ae6f16b30
- SSDEEP
  
  6144:NaCJya3zHD3pglzwTevRCcd6bUfFdXThU:NaCJy+z9glzq3wPXK
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2