Overview

overview

10

Static

static

79f082d15b...bc.exe

windows7_x64

10

79f082d15b...bc.exe

windows10_x64

10

Analysis

  • max time kernel
    59s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    24-06-2021 03:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79f082d15ba41f011bde45960cd32cbc.exe

  • Size

    1.1MB

  • MD5

    f1f80c57e5849f51d9fb3c519697826a

  • SHA1

    69cda29c89885b0c798362952f71fbe2fc9038f5

  • SHA256

    93ac78a024d6a0554a492cf2614ff7f75f12763b220980ad35b0a5c2994fcac7

  • SHA512

    b76a797fe4b1561e850229ac8041c625a4b3c20ca9eebf9893961872aa61f5682e1458db3f276d5f2791d82dd0163246572a0f454224e340389d82f6da74baee

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/vkuep8Jt3rHQ5

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79f082d15ba41f011bde45960cd32cbc.exe
    "C:\Users\Admin\AppData\Local\Temp\79f082d15ba41f011bde45960cd32cbc.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Users\Admin\AppData\Local\Temp\79f082d15ba41f011bde45960cd32cbc.exe
      "C:\Users\Admin\AppData\Local\Temp\79f082d15ba41f011bde45960cd32cbc.exe"
      2⤵
      • Suspicious behavior: RenamesItself
      • Suspicious use of AdjustPrivilegeToken
      PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3156-114-0x00000000002D0000-0x00000000002D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-116-0x00000000074D0000-0x00000000074D1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-117-0x0000000007A70000-0x0000000007A71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-118-0x0000000007570000-0x0000000007571000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-119-0x0000000007470000-0x0000000007471000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-120-0x0000000007740000-0x0000000007741000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-121-0x0000000007220000-0x0000000007221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3156-122-0x0000000007730000-0x0000000007740000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3156-123-0x0000000009A80000-0x0000000009AFF000-memory.dmp
    Filesize

    508KB

    Download
  • memory/3156-124-0x0000000000A90000-0x0000000000ADB000-memory.dmp
    Filesize

    300KB

    Download
  • memory/3736-126-0x00000000004139DE-mapping.dmp
    Download
  • memory/3736-125-0x0000000000400000-0x00000000004A2000-memory.dmp
    Filesize

    648KB

    Download
  • memory/3736-127-0x0000000000400000-0x00000000004A2000-memory.dmp
    Filesize

    648KB

    Download