Overview

overview

10

Static

static

10

Internet-Win7-30min

windows7_x64

10

Analysis

  • max time kernel
    1755s
  • max time network
    1754s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-01-2021 21:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beab751d966672b91fd7a5c2b56b179817d93d8f9e91e5a7f2bac3ee49d47e9b.exe

  • Size

    104KB

  • MD5

    18676025bb00d24b671ec1446e4047f0

  • SHA1

    9b77848d4d485541f05715a347a694b26b16b0e0

  • SHA256

    beab751d966672b91fd7a5c2b56b179817d93d8f9e91e5a7f2bac3ee49d47e9b

  • SHA512

    abfea188c02c56b25f238dc818265ed62eafa5cf4e60eafa53879e2d63e8c44cda4d69b5b5e625298c698e07bd146715f397f5161da7cf6da39aa790bf857821

Score
10/10
lokibotspywarestealertrojan

Malware Config

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\beab751d966672b91fd7a5c2b56b179817d93d8f9e91e5a7f2bac3ee49d47e9b.exe
    "C:\Users\Admin\AppData\Local\Temp\beab751d966672b91fd7a5c2b56b179817d93d8f9e91e5a7f2bac3ee49d47e9b.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1972-2-0x000007FEF6580000-0x000007FEF67FA000-memory.dmp
    Filesize

    2.5MB

    Download