Overview

overview

10

Static

static

?? GF ISF ...US.scr

windows7_x64

10

?? GF ISF ...US.scr

windows10-2004_x64

10

HLN200422U...88.scr

windows7_x64

10

HLN200422U...88.scr

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29

  • Size

    820KB

  • Sample

    220521-m4kpbsgbaq

  • MD5

    765ae04ee3d33e7116cc238b0bfc67e5

  • SHA1

    5b0f0d8925eaf139086dbf24ad9a9cb7ca5f6176

  • SHA256

    fb350e956f191e61e1b6b973e5bdf0d1b50721aa3c18d380d62847c517b3ad29

  • SHA512

    638dc0d7c7b7f37c3d62a4fd227d8e384615d58213541105756f6fc060a9c3faad8be2150b86fb99b6da6ebcd91e573e332dc697504b5a8f4b44c407267928dc

Score
10/10
lokibotwarzoneratcollectioninfostealerratspywarestealertrojan

Malware Config

Targets

    • Target

      ?? GF ISF Required Elements Worksheet v2 0 (new) - HL-US.scr

    • Size

      705KB

    • MD5

      1aeaa3d7660586286f1de3a8cf42b6a7

    • SHA1

      af967f241edf3c1d966e6770e9721049b5c3d58f

    • SHA256

      074a27ca162b894fea8bd9446e45b40e5342a07024589f3ad28e873d7fd9d8c8

    • SHA512

      32fcc1af5b95df3f8e32109e0b7924db8527cb455e6a77b317bcb34ecdf5e429c9a42b0fdf231c6d16f7cdca6e673e69f2a9988a1fb4e21b6907612813c7daa1

    Score
    10/10
    warzoneratinfostealerrat

    • WarzoneRat, AveMaria

      WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

      ratinfostealerwarzonerat

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      HLN200422U invoice - VGM-2004228688.scr

    • Size

      699KB

    • MD5

      eba7e5d5814039d500ade6a499fe63b9

    • SHA1

      4e535c9efc3b416b3478aded61b81032f06af18d

    • SHA256

      3f8450e921b84377b412af35fa2fdb5649803ee724c2ef3eb3dab0060a0e4909

    • SHA512

      b2628ed815db9eae2fdf02c6a362293282142bc592f780a16438bdc36095a2575dbf208e36847943cae805fcf88df1dce29cc74155a95328fa789f1f562c961e

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks