General

  • Target

    1307741.msi

  • Size

    260KB

  • Sample

    200630-epss96kpjx

  • MD5

    7809e01e1d5e235a89203de4c892623c

  • SHA1

    697ae5ef7f232d81b66c369060882c30dc942fa8

  • SHA256

    0864dbe292a5fc5e96f14f9e4164d3964660c45442f08a4151877ce4974d8ecb

  • SHA512

    267dbc22fb8908707f68ce383b9e9e976707e7be1c1478c0768964e17375f91caea5f229277b77672dc0cdbcb5155b24bf03f9ee7b85889c1c6183e6e572a8a8

Malware Config

Extracted

Family

lokibot

C2

http://crogtrt.com/rozay/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
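The hashes and C2 URLs above are only useful once they are matched against something. The following is an added example, not part of the sandbox report: it loads the report's indicators, verifies whether a file on hand is this sample, and scans proxy-log lines for contact with the listed gates. The proxy log format and the log lines are constructed for the demonstration, and the "same gate path on an unlisted host" verdict is a heuristic assumed here (four of the five extracted URLs share the path /alien/fre.php), not a statement made by the report.

```python
"""Match this report's LokiBot indicators against local telemetry.

Added example, not part of the sandbox report. Hashes and C2 URLs are
copied from the report; the log format, the log lines and the
'gate-path' heuristic are assumptions of this example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes of 1307741.msi as listed in the report.
SAMPLE_HASHES = {
    "md5": "7809e01e1d5e235a89203de4c892623c",
    "sha1": "697ae5ef7f232d81b66c369060882c30dc942fa8",
    "sha256": "0864dbe292a5fc5e96f14f9e4164d3964660c45442f08a4151877ce4974d8ecb",
    "sha512": "267dbc22fb8908707f68ce383b9e9e976707e7be1c1478c0768964e17375f91c"
              "aea5f229277b77672dc0cdbcb5155b24bf03f9ee7b85889c1c6183e6e572a8a8",
}

# C2 gate URLs from the extracted config.
C2_URLS = [
    "http://crogtrt.com/rozay/pin.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether `data` hashes to the report's value."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in SAMPLE_HASHES.items()}


def is_sample(data: bytes) -> bool:
    """True only if every listed hash agrees (guards against a bad copy-paste)."""
    return all(hash_matches(data).values())


# Constructed proxy-log format (assumption): "<ts> <client> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def classify(url: str):
    """'known-c2' for a listed host, 'gate-path' for a listed path on an
    unlisted host (heuristic assumed here), None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in C2_HOSTS:
        return "known-c2"
    if parts.path in C2_PATHS:
        return "gate-path"
    return None


def scan_proxy_log(lines):
    """Return one hit record per log line whose URL classifies as suspicious."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        verdict = classify(m["url"])
        if verdict:
            hits.append({"ts": m["ts"], "src": m["src"], "method": m["method"],
                         "url": m["url"], "status": m["status"],
                         "verdict": verdict})
    return hits


# Constructed sample log: two listed hosts, two unlisted hosts reusing the
# gate paths, one benign request. None of these lines come from the report.
SAMPLE_LOG = """\
2020-06-30T12:01:05Z 10.0.4.21 GET http://www.example.com/index.html 200
2020-06-30T12:01:09Z 10.0.4.21 POST http://kbfvzoboss.bid/alien/fre.php 404
2020-06-30T12:01:12Z 10.0.4.21 POST http://alphastand.win/alien/fre.php 200
2020-06-30T12:02:40Z 10.0.4.33 POST http://newpanel.example/alien/fre.php 200
2020-06-30T12:03:01Z 10.0.4.33 GET http://cdn.example.net/rozay/pin.php 200
""".splitlines()

if __name__ == "__main__":
    print("is_sample(placeholder bytes):", is_sample(b"not the sample"))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['url']} [{hit['verdict']}]")
```

Run it against a real proxy export by replacing SAMPLE_LOG with the file's lines, after adjusting LOG_RE to that product's column order. Treat a "gate-path" hit as a lead to pivot on (same client, same time window) rather than a confirmed infection; only the five listed hosts are indicators the report itself supports.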

Targets

    • Target

      1307741.msi


    • Lokibot

      LokiBot is an information stealer: it harvests saved credentials from web browsers, mail and FTP clients, and cryptocurrency wallet files, and exfiltrates them by HTTP POST to the gate URLs listed in the extracted config.

    • Executes dropped EXE

      The MSI is only the delivery wrapper; it writes a PE to disk and runs it.

    • Reads user/profile data of web browsers

      Infostealers read stored browser profile data (saved logins, cookies, autofill), which is where the credentials LokiBot exfiltrates come from.

    • Checks for installed software on the system

    • Enumerates connected drives

    • Modifies service

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is commonly part of process hollowing or injection, where the dropped payload is run under a legitimate-looking process image.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Modify Existing Service       1      T1031
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Defense Evasion       Modify Registry               1      T1112
Credential Access     Credentials in Files          1      T1081
Discovery             Query Registry                3      T1012
Discovery             Peripheral Device Discovery   2      T1120
Discovery             System Information Discovery  2      T1082
Collection            Data from Local System        1      T1005
