PO-4147074_pdf.ace

General

Target: PO-4147074_pdf.ace
Size: 668KB
Sample: 210421-mcgzwsad7x
Score: 10/10
MD5: d181c261d57a6352733a68c37ec63472
SHA1: 14415af946546b03da77cd1f9931d47a91205269
SHA256: 141bb53e82f9d6e5e6707ee5305cef2b55ec1ae8ab0344e01dea7bdbea8c4d58
SHA512: 18cbe1a56926561b76a4e207decf404fd885470ce399c3b57513480a5e4f6d1dc4728ac125edd34ec53ebab7fcf2167338d5964c06c464878f675b6ee86187f8

Malware Config

Extracted

Family: lokibot
C2:
  • http://51.195.53.221/p.php/7MPTLmOD4nAsj
  • http://kbfvzoboss.bid/alien/fre.php
  • http://alphastand.trade/alien/fre.php
  • http://alphastand.win/alien/fre.php
  • http://alphastand.top/alien/fre.php

Targets

Target: PO-4147074_pdf.exe
MD5: 44843dd3330a3965f49c9be7f174858e
Filesize: 690KB
Score: 10/10
SHA1: e07a307359ecfe63e6dd16c8c31aee4552822300
SHA256: 3a034fa5c2fe8254340a6d7fd68887fb925d0d4804758d60e87aac56e737cfa8
SHA512: efdd3f775d4a3fe198130a0c52e3b994bb7198781a49d410ebb7a49b6ec9d8ad2aeed5c0e3ffa02477814658390bb6a5e1e7eff95c74b5b9ddcfa42ce990e81a

Signatures

  • Lokibot

    Description: Lokibot is a password and cryptocoin wallet stealer.

  • Looks for VirtualBox Guest Additions in registry

    TTPs: Query Registry, Virtualization/Sandbox Evasion

  • Looks for VMWare Tools registry key

    TTPs: Query Registry, Virtualization/Sandbox Evasion

  • Checks BIOS information in registry

    Description: BIOS information is often read in order to detect sandboxing environments.

    TTPs: Query Registry, System Information Discovery

  • Maps connected drives based on registry

    Description: Disk information is often read in order to detect sandboxing environments.

    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

  • Suspicious use of SetThreadContext

Tasks

static1