Overview

overview

10

Static

static

3

56f2b73dbd...18.exe

windows7-x64

10

56f2b73dbd...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    56f2b73dbd7e373edd8c46eb53c6e313_JaffaCakes118

  • Size

    227KB

  • Sample

    241018-mk5v6asbnd

  • MD5

    56f2b73dbd7e373edd8c46eb53c6e313

  • SHA1

    88210d35014b35d3a1513fc71610c0511a723f38

  • SHA256

    c334123fb97cebd1b771c1a209a49e94893e69ab7b185f9ce2fc610e55c521dd

  • SHA512

    e2153cc59460fc55b8dfea4dea01b7b147adb764efa12a2e4e7c4ecc34fc1aa499d48af1be69cdff8077e7a563e68d27b47fb6a07c7bc30c8e1ea940046862be

  • SSDEEP

    6144:YFipI6wrinA1qRXr7HQjbXhfzUTeG+gxOs04zszAlu:ZoiA9bxDGLnu

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/B0MWbknI2Z7T2

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      56f2b73dbd7e373edd8c46eb53c6e313_JaffaCakes118

    • Size

      227KB

    • MD5

      56f2b73dbd7e373edd8c46eb53c6e313

    • SHA1

      88210d35014b35d3a1513fc71610c0511a723f38

    • SHA256

      c334123fb97cebd1b771c1a209a49e94893e69ab7b185f9ce2fc610e55c521dd

    • SHA512

      e2153cc59460fc55b8dfea4dea01b7b147adb764efa12a2e4e7c4ecc34fc1aa499d48af1be69cdff8077e7a563e68d27b47fb6a07c7bc30c8e1ea940046862be

    • SSDEEP

      6144:YFipI6wrinA1qRXr7HQjbXhfzUTeG+gxOs04zszAlu:ZoiA9bxDGLnu

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks