Overview

overview

10

Static

static

Purchase O...2.xlsx

windows7_x64

10

Purchase O...2.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order NO_16732.xlsx

  • Size

    707KB

  • Sample

    210727-t5fnr8mypn

  • MD5

    163bb3b38532d77a90179771fe6f9c56

  • SHA1

    6f54b781306c271e01056b07b3906f992de72d1a

  • SHA256

    87ae90b4bcea2975bbd1ff50473088c164a459c54de7b0285180ab66529bd615

  • SHA512

    5e1fa9eb521cd15430cdd2ac49d9061a3a9d0d12e56132bfb77f2a049e9ab4d0f68d1432b993af84909b5ae2931cd9eb2bed83242f2d263f2eac50b87ccafe71

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://arku.xyz/tkrr/T1/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Purchase Order NO_16732.xlsx

    • Size

      707KB

    • MD5

      163bb3b38532d77a90179771fe6f9c56

    • SHA1

      6f54b781306c271e01056b07b3906f992de72d1a

    • SHA256

      87ae90b4bcea2975bbd1ff50473088c164a459c54de7b0285180ab66529bd615

    • SHA512

      5e1fa9eb521cd15430cdd2ac49d9061a3a9d0d12e56132bfb77f2a049e9ab4d0f68d1432b993af84909b5ae2931cd9eb2bed83242f2d263f2eac50b87ccafe71

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks