Overview

overview

10

Static

static

3

f4c0448c42...18.exe

windows7-x64

10

f4c0448c42...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4c0448c427e926b0d3c0d1fbc1a866e_JaffaCakes118

  • Size

    564KB

  • Sample

    241215-tmk24ayqfv

  • MD5

    f4c0448c427e926b0d3c0d1fbc1a866e

  • SHA1

    273aa64fd2523237acde7d342a09a259a3c5499a

  • SHA256

    cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef

  • SHA512

    605665259a268ccf31d01c6332693d259f37efa72e517dc6bc09c5fc66b53b274bfd9f111607499f9aad64c87aa70b8c9c21fe69a6c532b193e2704f1ce9fd1c

  • SSDEEP

    12288:qVAsGfYtKR7zmF4WdwGexfoAu9kcNuuh5:qVAsGfYtKR7yFjdwGexf5u9kcNuuh5

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://publicspeaking.co.id/okoye/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f4c0448c427e926b0d3c0d1fbc1a866e_JaffaCakes118

    • Size

      564KB

    • MD5

      f4c0448c427e926b0d3c0d1fbc1a866e

    • SHA1

      273aa64fd2523237acde7d342a09a259a3c5499a

    • SHA256

      cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef

    • SHA512

      605665259a268ccf31d01c6332693d259f37efa72e517dc6bc09c5fc66b53b274bfd9f111607499f9aad64c87aa70b8c9c21fe69a6c532b193e2704f1ce9fd1c

    • SSDEEP

      12288:qVAsGfYtKR7zmF4WdwGexfoAu9kcNuuh5:qVAsGfYtKR7yFjdwGexf5u9kcNuuh5

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks