Overview

overview

10

Static

static

3

JaffaCakes...0b.exe

windows7-x64

10

JaffaCakes...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_00fed078b7bb8f7519bade8e8278b80b

  • Size

    545KB

  • Sample

    250105-287rzs1keq

  • MD5

    00fed078b7bb8f7519bade8e8278b80b

  • SHA1

    8ad6febd1a654833277de15c9918baa2b2107391

  • SHA256

    626d86b712a5803a81b326accc5ff25d3b16826110664e1282a6bbb56034fd48

  • SHA512

    618124c69ff0d038c4dd65bf28592e1ec686394fb1b01f943727eae7e6a51e0f8c2e636fa16ffcb9b41647d41bdd2795e71738f74beddc766a863d1c13be84a5

  • SSDEEP

    12288:fCXP/+8z+CzEvvmp1Yvq9TeIh+OQUks3yTGtAr7jYFb6r8JtTCL5/ekm1F0LwINI:+u6zsmrYS9TZ4OQ43z

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://23.254.225.235/flex/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      JaffaCakes118_00fed078b7bb8f7519bade8e8278b80b

    • Size

      545KB

    • MD5

      00fed078b7bb8f7519bade8e8278b80b

    • SHA1

      8ad6febd1a654833277de15c9918baa2b2107391

    • SHA256

      626d86b712a5803a81b326accc5ff25d3b16826110664e1282a6bbb56034fd48

    • SHA512

      618124c69ff0d038c4dd65bf28592e1ec686394fb1b01f943727eae7e6a51e0f8c2e636fa16ffcb9b41647d41bdd2795e71738f74beddc766a863d1c13be84a5

    • SSDEEP

      12288:fCXP/+8z+CzEvvmp1Yvq9TeIh+OQUks3yTGtAr7jYFb6r8JtTCL5/ekm1F0LwINI:+u6zsmrYS9TZ4OQ43z

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks