Overview

overview

10

Static

static

10

b77e71a149...18.exe

windows7-x64

10

b77e71a149...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b77e71a149e2eff76f5042f8933f04ee_JaffaCakes118

  • Size

    104KB

  • Sample

    240617-jqzdsavfkl

  • MD5

    b77e71a149e2eff76f5042f8933f04ee

  • SHA1

    d8ba685ddfe88f7be5ed24bccfae00f6be9243a7

  • SHA256

    eeb3bc146c684a04e218735175985a44eb7a75ab38b80428556e3296f56381ad

  • SHA512

    08350f2723197d64fb32c400d2c1cddbce86005eaf2e5a797c760f089fc17520164b6a5207f76c98c597121775c6a9d91ba13951c0d47bd3fa2a58933d7fe166

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://auscanforum.com/page32/files/logs/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      b77e71a149e2eff76f5042f8933f04ee_JaffaCakes118

    • Size

      104KB

    • MD5

      b77e71a149e2eff76f5042f8933f04ee

    • SHA1

      d8ba685ddfe88f7be5ed24bccfae00f6be9243a7

    • SHA256

      eeb3bc146c684a04e218735175985a44eb7a75ab38b80428556e3296f56381ad

    • SHA512

      08350f2723197d64fb32c400d2c1cddbce86005eaf2e5a797c760f089fc17520164b6a5207f76c98c597121775c6a9d91ba13951c0d47bd3fa2a58933d7fe166

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks