Overview

overview

10

Static

static

3

daa8440811...18.exe

windows7-x64

10

daa8440811...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    daa8440811c32cfd4133d49cb247623b_JaffaCakes118

  • Size

    301KB

  • Sample

    241209-vnb19azlbm

  • MD5

    daa8440811c32cfd4133d49cb247623b

  • SHA1

    8f5749aeb32d305b627bab4bcd131cedf80e4067

  • SHA256

    ad03d6c2459c0ee88848bd587581f4dc1183017aac47a757e566e0390e727f4d

  • SHA512

    9a62eca193ffdf5335f96347d231761d2b9cf52ecf0f7fe62dbc2d736f27cf799681ef4a6d950846d8f83f7404a6b217a15a0281f544294c4bd40001a7304474

  • SSDEEP

    6144:jjP5IphYdBcdbUA5rAZPqH3Khs/dY9YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYTWmS:HP5zdBclUA50ZPqKs/dY9YYYYYYYYYYK

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/BEF2P6YRqV1nZ

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      daa8440811c32cfd4133d49cb247623b_JaffaCakes118

    • Size

      301KB

    • MD5

      daa8440811c32cfd4133d49cb247623b

    • SHA1

      8f5749aeb32d305b627bab4bcd131cedf80e4067

    • SHA256

      ad03d6c2459c0ee88848bd587581f4dc1183017aac47a757e566e0390e727f4d

    • SHA512

      9a62eca193ffdf5335f96347d231761d2b9cf52ecf0f7fe62dbc2d736f27cf799681ef4a6d950846d8f83f7404a6b217a15a0281f544294c4bd40001a7304474

    • SSDEEP

      6144:jjP5IphYdBcdbUA5rAZPqH3Khs/dY9YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYTWmS:HP5zdBclUA50ZPqKs/dY9YYYYYYYYYYK

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks