Overview

overview

10

Static

static

Swift_INV0...20.doc

windows7_x64

10

Swift_INV0...20.doc

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift_INV0880021152020.doc

  • Size

    6KB

  • Sample

    210118-8qy8dxsb7x

  • MD5

    d7df8a029d7851e26d5ee9115af4b40e

  • SHA1

    549f56becc1a13209dc0f240e822794ab6b7592f

  • SHA256

    f52b020e86065767d221b34d5aa8c0d794222336cd2c221ec13685e37a50de07

  • SHA512

    bd354c9b7f04df8f49a4ab772ca027dfd4c8e77b17cb339a5791b14c53a37d2dcc1b4b286bb68ea92b5d63580366a16c3fd52b3d8ea4877126e4cb3f0f75548e

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://okpana.com/chief/boss/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Swift_INV0880021152020.doc

    • Size

      6KB

    • MD5

      d7df8a029d7851e26d5ee9115af4b40e

    • SHA1

      549f56becc1a13209dc0f240e822794ab6b7592f

    • SHA256

      f52b020e86065767d221b34d5aa8c0d794222336cd2c221ec13685e37a50de07

    • SHA512

      bd354c9b7f04df8f49a4ab772ca027dfd4c8e77b17cb339a5791b14c53a37d2dcc1b4b286bb68ea92b5d63580366a16c3fd52b3d8ea4877126e4cb3f0f75548e

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks