Overview

overview

10

Static

static

3

f331352e3d...18.exe

windows7-x64

10

f331352e3d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f331352e3dc5c6d82a880ba29e90ced7_JaffaCakes118

  • Size

    790KB

  • Sample

    240924-j1t7tawhrj

  • MD5

    f331352e3dc5c6d82a880ba29e90ced7

  • SHA1

    0eb0c42920b85cefbca199fd6ddb3a247d7badcd

  • SHA256

    82dddeb64ec22218ca5174cbcbc536e51e760f786c4b8a8851a4784beae75dfc

  • SHA512

    29d393d67996d10cb4e4608c5943f470246f9fcf77b8ca6121eb6ebcde573d15c4d51c96669216555e9f983f2a81c1798b60f8164a1c49ee2fa20ccfffcc631d

  • SSDEEP

    24576:31WEL+pgWHeBjIdW27Y03mydxco6/iQHo:31WVE1y

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://duclongetc.com/.o1/playbook/onelove/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f331352e3dc5c6d82a880ba29e90ced7_JaffaCakes118

    • Size

      790KB

    • MD5

      f331352e3dc5c6d82a880ba29e90ced7

    • SHA1

      0eb0c42920b85cefbca199fd6ddb3a247d7badcd

    • SHA256

      82dddeb64ec22218ca5174cbcbc536e51e760f786c4b8a8851a4784beae75dfc

    • SHA512

      29d393d67996d10cb4e4608c5943f470246f9fcf77b8ca6121eb6ebcde573d15c4d51c96669216555e9f983f2a81c1798b60f8164a1c49ee2fa20ccfffcc631d

    • SSDEEP

      24576:31WEL+pgWHeBjIdW27Y03mydxco6/iQHo:31WVE1y

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks