Overview

overview

10

Static

static

8

swift 0182021.xls

windows7_x64

10

swift 0182021.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swift 0182021.xls

  • Size

    215KB

  • Sample

    210111-3dceba2h9j

  • MD5

    d5185ca33c490e907fc4fa6b22558890

  • SHA1

    151f729d65c4241ccde8e7055b57d1176d29198d

  • SHA256

    eaa14ff5cdf3ec428bd1b0c2689272996741a4c93f3c1289934057c3c5cafc78

  • SHA512

    b214da4e9284615faebdd60fd45f8f161aabc06428ac40f0cd8ec83a870dd225dfbe9795a6d8e1e192734f748a92b5d7da6f436325e8de60ed4e46fcd41dcbbf

Score
10/10
lokibotmodiloadermacrospywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://worldpackmx.com/fretyuil/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      swift 0182021.xls

    • Size

      215KB

    • MD5

      d5185ca33c490e907fc4fa6b22558890

    • SHA1

      151f729d65c4241ccde8e7055b57d1176d29198d

    • SHA256

      eaa14ff5cdf3ec428bd1b0c2689272996741a4c93f3c1289934057c3c5cafc78

    • SHA512

      b214da4e9284615faebdd60fd45f8f161aabc06428ac40f0cd8ec83a870dd225dfbe9795a6d8e1e192734f748a92b5d7da6f436325e8de60ed4e46fcd41dcbbf

    Score
    10/10
    lokibotmodiloaderspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

      trojanmodiloader

    • ModiLoader First Stage

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks