General

  • Target: 6239857127096320.zip
  • Size: 324KB
  • Sample: 210802-w54ry2f37e
  • MD5: 1ffc158314d8a085d32a53b29aa9c9c8
  • SHA1: e32c02233fcbd4bd48976d1ca29175082c377443
  • SHA256: 4e8d0c07c952e2c0ab161c2b1f5d4957019eb783578ddc95515497b391522134
  • SHA512: 0d67580fcfb69d61a5430554d74bcfafa4c861bbb4567a9244224b73d1e5578163385a6ad54faaa43d8353bed69b7795532ee56e387118f117c3d1cfb512358a

Malware Config

Targets

    • Target: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5
    • Size: 363KB
    • MD5: c4ffcc4b39b9606729ebebadd9fab876
    • SHA1: d2e3847753aa950742a10f94cc30de34415912a6
    • SHA256: 665fd96b85ea042425196dee4acf9d3c0dcea573bca9e6ffa05924b59281c5d5
    • SHA512: 7d81d82fc04ec4bba1048846379ff1d5a6501ace684945537c3b989a7124c94234e6317e57fc42c67fc1f2373f9e2a5ac45a50d8f0bbe39400f7175a151a5956

    • BetaBot

      Beta Bot is a Trojan that infects computers and disables antivirus software.

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Modifies firewall policy service

    • Executes dropped EXE

    • Sets file execution options in registry

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks