lokibot | cabcc377f00b0aa676d3139e7f14fa7881c5f25875d5218e25645db7e129992c

General

Target

Standard Chartered Bank.exe
Size

498KB
MD5

810e9eebba5cce5bf0d44cbb5e3b5a19
SHA1

bf031ef4b6b87f9e0cb2c540745614fb914475d4
SHA256

cabcc377f00b0aa676d3139e7f14fa7881c5f25875d5218e25645db7e129992c
SHA512

c6b33f8be189ff612388fd48f0e6bbeafbf7ec57b65133afbffe1484306288ed8dfe568bfe8d8e65b7bea9d819068f52d8dc073e1e9b45c145a338c06a02e9f1

Score

10^/10

Family

lokibot

C2

http://63.141.228.141/32.php/5l0ZnNa7AB6Dl

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Suspicious use of SetThreadContext 1 IoCs

Processes:

Standard Chartered Bank.exe

description pid process target process

PID 1440 set thread context of 3828 1440 Standard Chartered Bank.exe Standard Chartered Bank.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Standard Chartered Bank.exe

pid process

1440 Standard Chartered Bank.exe
1440 Standard Chartered Bank.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

Standard Chartered Bank.exe

pid process

3828 Standard Chartered Bank.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Standard Chartered Bank.exeStandard Chartered Bank.exe

description pid process

Token: SeDebugPrivilege 1440 Standard Chartered Bank.exe
Token: SeDebugPrivilege 3828 Standard Chartered Bank.exe

description	pid	process	target process
PID 1440 set thread context of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe

pid	process
1440	Standard Chartered Bank.exe
1440	Standard Chartered Bank.exe

pid	process
3828	Standard Chartered Bank.exe

description	pid	process
Token: SeDebugPrivilege	1440	Standard Chartered Bank.exe
Token: SeDebugPrivilege	3828	Standard Chartered Bank.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

Standard Chartered Bank.exe

description	pid	process	target process
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe
PID 1440 wrote to memory of 3828	1440	Standard Chartered Bank.exe	Standard Chartered Bank.exe

memory/1440-114-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/1440-116-0x00000000051E0000-0x00000000051E1000-memory.dmp

Filesize
4KB

Download
memory/1440-117-0x0000000002C50000-0x0000000002C7F000-memory.dmp

Filesize
188KB

Download
memory/1440-118-0x00000000052F0000-0x0000000005323000-memory.dmp

Filesize
204KB

Download
memory/3828-119-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/3828-120-0x00000000004139DE-mapping.dmp

Download
memory/3828-121-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download