Analysis
-
max time kernel
99s -
max time network
136s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
21-07-2021 18:05
General
-
Target
0n4xyK1WyMB3UE2.exe
-
Size
1.1MB
-
MD5
825ebfccb4c9e1b2a71f8e931d751aaf
-
SHA1
9318735795acaca9794a92030492b9c2c5fc0aab
-
SHA256
c17b37bb3f9b18f160029a7d48d3beef1a15cb3fd51033e6c6ccf4c871377c12
-
SHA512
6609b39beec7a86d7994a8b3198556ede8a9654ce84d517ccdc58d5d650361a1e369faba05ca5c93ed998355c60d2c17a9031547f5df9a865e42ab644f7f2bf0
Score
10/10
Malware Config
Extracted
Family
lokibot
C2
https://luoslasco.xyz/to/ya/vd.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0n4xyK1WyMB3UE2.exe"C:\Users\Admin\AppData\Local\Temp\0n4xyK1WyMB3UE2.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0n4xyK1WyMB3UE2.exe"{path}"2⤵
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
-
Filesize
648KB
-
Filesize
8KB
-
Filesize
648KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
8KB
-
Filesize
688KB
-
Filesize
384KB