Extracted

• • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/MadMan.exe

  Score

  10^/10

  lokibotagilenetbootkitcollectionevasionpersistenceransomwarespywarestealertrojanupx

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Disables Task Manager via registry modification

    evasion

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of SetThreadContext

  behavioral1