Overview

overview

10

Static

static

3

164f0886ae...18.exe

windows7-x64

10

164f0886ae...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    164f0886ae383079bba01beddbd7e8ff_JaffaCakes118

  • Size

    1.6MB

  • Sample

    241005-fyknta1hlg

  • MD5

    164f0886ae383079bba01beddbd7e8ff

  • SHA1

    f0955b56db82a205996245fde7ecfef3eb3046e2

  • SHA256

    fa69036fcd3c1fb0476f36736674a923ff327c2ff1d9958ee5c3961b176d83a2

  • SHA512

    a18ef0338ff25d6ee479ee01530af88f25b98b66a6c4b8fc72635d93a9c8c4b61d86f4498d1be934f0774adb9c61d14cdedc76fe7d40c6df7539cf6fff97fe25

  • SSDEEP

    24576:M8oKnQy08hQKFs5J9uPjMbtmdTFzkayXZKt:M8dQjKSYPjMkdJzkn8

Score
10/10
lokibotcollectiondiscoverypersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://craftdistilleries.com/auth/xloki/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      164f0886ae383079bba01beddbd7e8ff_JaffaCakes118

    • Size

      1.6MB

    • MD5

      164f0886ae383079bba01beddbd7e8ff

    • SHA1

      f0955b56db82a205996245fde7ecfef3eb3046e2

    • SHA256

      fa69036fcd3c1fb0476f36736674a923ff327c2ff1d9958ee5c3961b176d83a2

    • SHA512

      a18ef0338ff25d6ee479ee01530af88f25b98b66a6c4b8fc72635d93a9c8c4b61d86f4498d1be934f0774adb9c61d14cdedc76fe7d40c6df7539cf6fff97fe25

    • SSDEEP

      24576:M8oKnQy08hQKFs5J9uPjMbtmdTFzkayXZKt:M8dQjKSYPjMkdJzkn8

    Score
    10/10
    lokibotcollectiondiscoverypersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks