lokibot | 959a18f78a9526601437883f0c4203cfb2a248ccbc1a2e3d8cfddc11cbb06043

General

Target

JaffaCakes118_959a18f78a9526601437883f0c4203cfb2a248ccbc1a2e3d8cfddc11cbb06043
Size

648KB
Sample

241229-jbeqtswngw
MD5

943c146aac9b5acb09e1c6edfef69bb9
SHA1

8d3c175c703f76a2c817e261504069e55e8e5565
SHA256

959a18f78a9526601437883f0c4203cfb2a248ccbc1a2e3d8cfddc11cbb06043
SHA512

90ffa6ffbeb2703bb5f8d8580bbb69de2d4f0c1a2787ce67269079f08758f12062d87b596a5537f12c0a2fbd3b1cfbda9b146d983539e1e1db61d0ed5252247f
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://85.202.169.172/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  JaffaCakes118_959a18f78a9526601437883f0c4203cfb2a248ccbc1a2e3d8cfddc11cbb06043
- Size
  
  648KB
- MD5
  
  943c146aac9b5acb09e1c6edfef69bb9
- SHA1
  
  8d3c175c703f76a2c817e261504069e55e8e5565
- SHA256
  
  959a18f78a9526601437883f0c4203cfb2a248ccbc1a2e3d8cfddc11cbb06043
- SHA512
  
  90ffa6ffbeb2703bb5f8d8580bbb69de2d4f0c1a2787ce67269079f08758f12062d87b596a5537f12c0a2fbd3b1cfbda9b146d983539e1e1db61d0ed5252247f
- SSDEEP
  
  1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2