Overview

overview

10

Static

static

8

Pago Fecha 2021.xls

windows7_x64

10

Pago Fecha 2021.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pago Fecha 2021.xls

  • Size

    126KB

  • Sample

    201228-sx6bd8pp4e

  • MD5

    35c9dbe44c092a5ebb101e1600736228

  • SHA1

    21083aa36e32aea90469131690c3d93f0f7f6c85

  • SHA256

    c66970bdd757e643f76b613a6302a14c6ea6eb6032aebc6b4cfc84fc265c485f

  • SHA512

    ed78404ea84ac4023e8c9459cef3178e8c5bea8fcddecef49d31a4fc01699f6203f9af11ffe13f66d4ca060e5a1412465b8411cb2df86d858788651ca2958103

Score
10/10
lokibotmodiloadermacropersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://45.81.7.81/filopkm/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Pago Fecha 2021.xls

    • Size

      126KB

    • MD5

      35c9dbe44c092a5ebb101e1600736228

    • SHA1

      21083aa36e32aea90469131690c3d93f0f7f6c85

    • SHA256

      c66970bdd757e643f76b613a6302a14c6ea6eb6032aebc6b4cfc84fc265c485f

    • SHA512

      ed78404ea84ac4023e8c9459cef3178e8c5bea8fcddecef49d31a4fc01699f6203f9af11ffe13f66d4ca060e5a1412465b8411cb2df86d858788651ca2958103

    Score
    10/10
    lokibotmodiloaderpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks