Overview

overview

10

Static

static

Purchase_i...st.exe

windows7_x64

10

Purchase_i...st.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase_items_List.exe

  • Size

    596KB

  • Sample

    220522-gcr2fagce9

  • MD5

    b3e40421c6609be05bc116697126146d

  • SHA1

    319e92693d1ef6ea296a945577269625d10ce682

  • SHA256

    cd4247426c4fbd531a62dedb1c599360312f3d48ab0800699f8a54ee4fb88c17

  • SHA512

    b4d7c390c361fe34412dde90d568572884bd7107706925fe32ace39b5c8cb15e8d0ea0d5da407a59ad16d2583c573fc8c199ce820fe5173f966d03ca0cea43cd

Score
10/10
lokibotbootkitcollectionpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://pimplord.ru/projects/image/ssl/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Purchase_items_List.exe

    • Size

      596KB

    • MD5

      b3e40421c6609be05bc116697126146d

    • SHA1

      319e92693d1ef6ea296a945577269625d10ce682

    • SHA256

      cd4247426c4fbd531a62dedb1c599360312f3d48ab0800699f8a54ee4fb88c17

    • SHA512

      b4d7c390c361fe34412dde90d568572884bd7107706925fe32ace39b5c8cb15e8d0ea0d5da407a59ad16d2583c573fc8c199ce820fe5173f966d03ca0cea43cd

    Score
    10/10
    lokibotbootkitcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks