Overview

overview

10

Static

static

3

upadted_pdf.exe

windows7-x64

10

upadted_pdf.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb8cf11adb28738758a80989a0085b8f_JaffaCakes118

  • Size

    300KB

  • Sample

    240928-flzxzayann

  • MD5

    fb8cf11adb28738758a80989a0085b8f

  • SHA1

    0f0fb9cc7770495a2242e96dacf5a5bc68184843

  • SHA256

    1bbe115f43c884a6984f70bc4a169ea14303a866d7f405476de6901178f23162

  • SHA512

    04fad254c2b17925280ad4b40fe5c16557f308679874e024325123c963508f4e62abbcf8e7585ac4ed102068175ddf7419f5a3d565b1adbd0a8eae2af3f132a9

  • SSDEEP

    6144:oRPp1bMNd+F+NX3NXUne8rs5U8STi+Ygx0IrNCwgM3DXJfnWtheTTthzBob1:oRx1QdZNHNXr2rTCgx0IrNiM3da0hWb1

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/SczbkxCQZQyVr

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      upadted_pdf.exe

    • Size

      587KB

    • MD5

      0124d93385c8a6398f72daa6997f49c8

    • SHA1

      e7f35def5e9134813f98b08fe72f2f79869fece8

    • SHA256

      e6185bd50b78a2280181337e32864577d4650b7923eb64e8e95f85d46be4ced0

    • SHA512

      b7cc786494ea1d8bb53d842daec4e61b63aa46618693c044b690454e129c4adaf4a6640d94f15fd248e20d32ca904e5dff025c1756148e88e5c4db687fa0bf9e

    • SSDEEP

      12288:ZsT8i8L8WM+QF6M4fWr+cvT6zbejd1PAn+OxwAIoYjPXzxAnugq:+oRXoEJBboIn+Oxw3xbXNmHq

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks