Overview

overview

10

Static

static

IMG_50617.doc

windows7_x64

10

IMG_50617.doc

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG_50617.doc

  • Size

    1.0MB

  • Sample

    210118-w8s68c1k3n

  • MD5

    40c731d1d1b148ae3a20a0ee33e93ded

  • SHA1

    8f3bd8a07d5a352b6fffb13cb13c8846a67cff85

  • SHA256

    bbe8328638e65517d387450d90b5e4b803bcdb1609315800d3542b754ff5c382

  • SHA512

    badb844b99e27366a28bb27d09f2a6bb01374cc01382c3bd869f51ae0fe4ab3287a4c7864b7aa365a1407af20e2ff0d17b39c762494f10a1f68ce2343e61b593

Score
10/10
lokibotpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.206.215.56/morx/1/cgi.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      IMG_50617.doc

    • Size

      1.0MB

    • MD5

      40c731d1d1b148ae3a20a0ee33e93ded

    • SHA1

      8f3bd8a07d5a352b6fffb13cb13c8846a67cff85

    • SHA256

      bbe8328638e65517d387450d90b5e4b803bcdb1609315800d3542b754ff5c382

    • SHA512

      badb844b99e27366a28bb27d09f2a6bb01374cc01382c3bd869f51ae0fe4ab3287a4c7864b7aa365a1407af20e2ff0d17b39c762494f10a1f68ce2343e61b593

    Score
    10/10
    lokibotpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks