Overview

overview

10

Static

static

a311beccd4...80.exe

windows7_x64

10

a311beccd4...80.exe

windows10_x64

10

Analysis

  • max time kernel
    125s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    16-07-2020 12:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a311beccd46c02cfbc4ef43b3a555efb14b792dab5fcadd31386e3f78ee84e80.exe

  • Size

    218KB

  • MD5

    e95da9287dbc6a6f45397233b50156ae

  • SHA1

    1328ca513f25230d794007cc29c46bd9f247ec85

  • SHA256

    a311beccd46c02cfbc4ef43b3a555efb14b792dab5fcadd31386e3f78ee84e80

  • SHA512

    3b87ee08fd3a1f2d44e5374ae263a30209c80304f120e73d834930eb019bf7b1efc145be7a77545d00669cff4662ab39127ca1f02d4a4369744ebccca85142eb

Score
10/10
spywaretrojanstealerlokibot

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

Processes

  • C:\Users\Admin\AppData\Local\Temp\a311beccd46c02cfbc4ef43b3a555efb14b792dab5fcadd31386e3f78ee84e80.exe
    "C:\Users\Admin\AppData\Local\Temp\a311beccd46c02cfbc4ef43b3a555efb14b792dab5fcadd31386e3f78ee84e80.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: RenamesItself
    PID:1108

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1108-0-0x000000000028A000-0x000000000028B000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1108-1-0x0000000000EF0000-0x0000000000F01000-memory.dmp

    Filesize

    68KB

    Download