Overview

overview

10

Static

static

3

f9b4d99c98...18.exe

windows7-x64

10

f9b4d99c98...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9b4d99c983324e3687a38d710f4bc47_JaffaCakes118

  • Size

    258KB

  • Sample

    240927-e3spjsyake

  • MD5

    f9b4d99c983324e3687a38d710f4bc47

  • SHA1

    802f02d5d738cc4f113aea73433d0a85abd4a060

  • SHA256

    da8fce1aa502e80a85acdc6cb2fe4c3099a9fa9dafdb1a2d92d97d4b4d12d81e

  • SHA512

    c8f265796f58a74bc3b2aa44bc20447be000f8f94e13a986899e9251c58808a1bb31507444a4d35cc60b950331760c357c2c9aad8db90d54d62918e760368604

  • SSDEEP

    3072:iOSlvpy6iajQ5kWhwXUYK5ej6HLXwoz0PoN6p/XtmNz8BL8t3T4JirlFr0+uQF6:iOSq670WUHLXFDM5d7JWbaQTIPH

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://www.matantalbenna.com/.legolass/fine/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f9b4d99c983324e3687a38d710f4bc47_JaffaCakes118

    • Size

      258KB

    • MD5

      f9b4d99c983324e3687a38d710f4bc47

    • SHA1

      802f02d5d738cc4f113aea73433d0a85abd4a060

    • SHA256

      da8fce1aa502e80a85acdc6cb2fe4c3099a9fa9dafdb1a2d92d97d4b4d12d81e

    • SHA512

      c8f265796f58a74bc3b2aa44bc20447be000f8f94e13a986899e9251c58808a1bb31507444a4d35cc60b950331760c357c2c9aad8db90d54d62918e760368604

    • SSDEEP

      3072:iOSlvpy6iajQ5kWhwXUYK5ej6HLXwoz0PoN6p/XtmNz8BL8t3T4JirlFr0+uQF6:iOSq670WUHLXFDM5d7JWbaQTIPH

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks