Overview

overview

10

Static

static

3

248e109405...18.exe

windows7-x64

10

248e109405...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    248e1094053228e06aa1d5dacd64e75a_JaffaCakes118

  • Size

    226KB

  • Sample

    241008-ylkgdstejg

  • MD5

    248e1094053228e06aa1d5dacd64e75a

  • SHA1

    86c3ddfe1b4392b3c38f7e7659c4a03418254400

  • SHA256

    32e43017d770e13d4a21711e598fa68b20b4ea04e2d4b9cf1fac9b7dfa8feb5e

  • SHA512

    b5142fc4e9bd2a826a7c73490ef2d6ce281259ee0e96ce6779b17d61196cd6ab8c0d31476fb44934e5c86589ae25e32b8e3414f8fc2e8e02b94a960f47a67acb

  • SSDEEP

    6144:34Hz31iN39dHG+KQMOttSmdAIlg4TcBiMi16Jmq:34T30K+TSEAIKCWiC0q

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://th-ina.co.id/images/bisma/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      248e1094053228e06aa1d5dacd64e75a_JaffaCakes118

    • Size

      226KB

    • MD5

      248e1094053228e06aa1d5dacd64e75a

    • SHA1

      86c3ddfe1b4392b3c38f7e7659c4a03418254400

    • SHA256

      32e43017d770e13d4a21711e598fa68b20b4ea04e2d4b9cf1fac9b7dfa8feb5e

    • SHA512

      b5142fc4e9bd2a826a7c73490ef2d6ce281259ee0e96ce6779b17d61196cd6ab8c0d31476fb44934e5c86589ae25e32b8e3414f8fc2e8e02b94a960f47a67acb

    • SSDEEP

      6144:34Hz31iN39dHG+KQMOttSmdAIlg4TcBiMi16Jmq:34T30K+TSEAIKCWiC0q

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks