General

  • Target

    8480b7a266e9b9659e29c8178269e822_JaffaCakes118

  • Size

    554KB

  • Sample

    241101-sza7zssepq

  • MD5

    8480b7a266e9b9659e29c8178269e822

  • SHA1

    fdb45931681ec25c149816e0ab92e9482e20f119

  • SHA256

    78f342372865460fa2db1124046e6eb93b89a0a24dda0c28946a36569af5f1c9

  • SHA512

    29b4f5b959c96ba49c20e472cd0e502ff58c1e9af4ed2641e2c6ac951c2c711d036142c9ca12a4014935d257df028dbe6c8c2e61505ac1086cb1d584b9f49fdd

  • SSDEEP

    12288:3yN5yf5GnDmkiqUTJvWlmo5YFdCdAm3iUobxLSXjL3sJQRhaqNG:3yNhDmFJgB2F0r1jbsUaYG

Malware Config

Extracted

Family

lokibot

C2

http://aboasu.xyz/dx/kk/koo.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Bank Details.pdf___________________________________.bat

    • Size

      1021KB

    • MD5

      165abfb0c60c6917d29d2d83be640103

    • SHA1

      41b85e2688a0bda0146dc598539942a7e1452c26

    • SHA256

      ac8ab6d26de41ba63cd9fab6732dc4e08a5ce16d6ba9b747a585c56ee02ade40

    • SHA512

      46190586f74aef3d69a38566c86e3efcd42a74123fcf4492be7694e9ae78bbba2bd9ec644fc709be997c7845465cdcaa98302776eeada7e208d09e20448818de

    • SSDEEP

      12288:yad88kz3J4cuHanxExelM8EIoSOkRo69rbKw5C//F+nCTgwf++dpwVNw7:yaG3ucqUMfku69rbKJCCEw

    • Lokibot

      Lokibot is a password and cryptocurrency-wallet stealer.

    • Lokibot family

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved logins and session cookies.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
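The hashes in the General and Targets sections and the C2 URLs in the extracted config are the actionable indicators on this page. The following Python is an added example, not part of the sandbox report, that turns them into a small matcher: one lookup for hex digests (as an EDR alert or mail gateway would hand them over), one for raw file bytes, and a tiered check of proxy log URLs. The proxy log lines and the `alphastand.site` host are constructed for illustration and do not appear in the report; the three `alphastand.*` TLDs that do appear are why the path-only tier exists.

```python
import hashlib
import re
from typing import Optional
from urllib.parse import urlsplit

# Hashes copied from this report, keyed by lowercase hex digest.
# Value: (algorithm, file name the report gives for that object).
SUBMISSION = "8480b7a266e9b9659e29c8178269e822_JaffaCakes118"
TARGET = "Bank Details.pdf___________________________________.bat"
REPORT_HASHES = {
    "8480b7a266e9b9659e29c8178269e822": ("md5", SUBMISSION),
    "fdb45931681ec25c149816e0ab92e9482e20f119": ("sha1", SUBMISSION),
    "78f342372865460fa2db1124046e6eb93b89a0a24dda0c28946a36569af5f1c9": ("sha256", SUBMISSION),
    "165abfb0c60c6917d29d2d83be640103": ("md5", TARGET),
    "41b85e2688a0bda0146dc598539942a7e1452c26": ("sha1", TARGET),
    "ac8ab6d26de41ba63cd9fab6732dc4e08a5ce16d6ba9b747a585c56ee02ade40": ("sha256", TARGET),
}

# C2 URLs from the extracted Lokibot config on this page.
C2_URLS = [
    "http://aboasu.xyz/dx/kk/koo.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of a file's bytes (the algorithms the report lists)."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def lookup_hash(digest: str) -> Optional[tuple]:
    """Match one hex digest (any case, surrounding whitespace tolerated) against the report."""
    return REPORT_HASHES.get(digest.strip().lower())


def lookup_file_bytes(data: bytes) -> Optional[tuple]:
    """Hash raw file bytes and look every digest up; None if no report hash matches."""
    for digest in hash_bytes(data).values():
        hit = lookup_hash(digest)
        if hit:
            return hit
    return None


def classify_url(url: str) -> Optional[str]:
    """Tier a requested URL against the C2 list, strongest indicator first.

    exact-c2-url : the full URL is in the config
    c2-host      : same host, different path
    c2-path-only : same path on an unknown host; catches a rotated TLD such as
                   a fourth alphastand.* domain, so treat as lower confidence
    """
    parts = urlsplit(url)
    if url in C2_URLS:
        return "exact-c2-url"
    if parts.hostname in C2_HOSTS:
        return "c2-host"
    if parts.path in C2_PATHS:
        return "c2-path-only"
    return None


# Constructed proxy log lines (not from the report): "<epoch> <src_ip> <method> <url> <status>".
# alphastand.site is a made-up host used to show the path-only tier.
SAMPLE_PROXY_LOG = [
    "1730450000.123 10.0.0.15 POST http://alphastand.win/alien/fre.php 404",
    "1730450001.456 10.0.0.15 GET http://example.com/index.html 200",
    "1730450002.789 10.0.0.22 POST http://alphastand.top/alien/fre.php 200",
    "1730450003.012 10.0.0.22 POST http://alphastand.site/alien/fre.php 200",
    "malformed line that should be skipped",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def scan_proxy_log(lines) -> list:
    """Return (src_ip, url, verdict) for every line whose URL hits a C2 tier."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the expected format
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["src"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
    print(lookup_hash("8480B7A266E9B9659E29C8178269E822"))
```

A POST to `/alien/fre.php` on a host that is not in the list is reported at the lowest tier rather than dropped, because the config already shows the same path served from `.trade`, `.win` and `.top`; an analyst can then decide whether the new host belongs on the block list. The SSDEEP values on the page are not used here, since fuzzy matching needs the ssdeep library rather than `hashlib`.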

MITRE ATT&CK Enterprise v15

Tasks