lokibot | d38338dea990196b25eeeb9f82637239b7afe3c3e9abe01ae4e0af4fdd3a1db6

General

Target

JaffaCakes118_d38338dea990196b25eeeb9f82637239b7afe3c3e9abe01ae4e0af4fdd3a1db6
Size

648KB
Sample

241224-xfmh5atpf1
MD5

b688caacfb1b1c42c4f708a8246f6d0d
SHA1

d6a2850d7c2b7dc133b140b4f661d4f07ebc15c6
SHA256

d38338dea990196b25eeeb9f82637239b7afe3c3e9abe01ae4e0af4fdd3a1db6
SHA512

1eaed830daae6faa797c6cee53eac27c1f7cbc8c18638a0f434a1683087188531b5c75546916f61919f37493350029ac6e1d03b61795a0ca49d36efd3d0825e1
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gg12/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  JaffaCakes118_d38338dea990196b25eeeb9f82637239b7afe3c3e9abe01ae4e0af4fdd3a1db6
- Size
  
  648KB
- MD5
  
  b688caacfb1b1c42c4f708a8246f6d0d
- SHA1
  
  d6a2850d7c2b7dc133b140b4f661d4f07ebc15c6
- SHA256
  
  d38338dea990196b25eeeb9f82637239b7afe3c3e9abe01ae4e0af4fdd3a1db6
- SHA512
  
  1eaed830daae6faa797c6cee53eac27c1f7cbc8c18638a0f434a1683087188531b5c75546916f61919f37493350029ac6e1d03b61795a0ca49d36efd3d0825e1
- SSDEEP
  
  1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2