lokibot | eef89bbd9fcfb6e1b095b5302af5c176ed593bf9c6ce26d0be6ebeddc7fa0e6a

General

Target

a0339a15a2f219b54b3c1a6b4afbc6be.exe
Size

632KB
MD5

a0339a15a2f219b54b3c1a6b4afbc6be
SHA1

7df7a7515715283591582974eb47197c9369efe3
SHA256

eef89bbd9fcfb6e1b095b5302af5c176ed593bf9c6ce26d0be6ebeddc7fa0e6a
SHA512

30037c5446b79946da950d99ba0b315134d7793307f8fb25255a0db8121d70f8df201029ffd00d7cb4b1ed6201ab60795727b983296a03a0a5a2fac28d792a84

Score

10^/10

Family

lokibot

C2

http://vikinproducts.com/Mrlogs/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Suspicious use of SetThreadContext 1 IoCs

Processes:

a0339a15a2f219b54b3c1a6b4afbc6be.exe

description pid process target process

PID 676 set thread context of 616 676 a0339a15a2f219b54b3c1a6b4afbc6be.exe a0339a15a2f219b54b3c1a6b4afbc6be.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

a0339a15a2f219b54b3c1a6b4afbc6be.exe

pid process

616 a0339a15a2f219b54b3c1a6b4afbc6be.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a0339a15a2f219b54b3c1a6b4afbc6be.exe

description pid process

Token: SeDebugPrivilege 616 a0339a15a2f219b54b3c1a6b4afbc6be.exe

description	pid	process	target process
PID 676 set thread context of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe

pid	process
616	a0339a15a2f219b54b3c1a6b4afbc6be.exe

description	pid	process
Token: SeDebugPrivilege	616	a0339a15a2f219b54b3c1a6b4afbc6be.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

a0339a15a2f219b54b3c1a6b4afbc6be.exe

description	pid	process	target process
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe
PID 676 wrote to memory of 616	676	a0339a15a2f219b54b3c1a6b4afbc6be.exe	a0339a15a2f219b54b3c1a6b4afbc6be.exe

memory/616-67-0x00000000004139DE-mapping.dmp

Download
memory/616-66-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/616-68-0x0000000075051000-0x0000000075053000-memory.dmp

Filesize
8KB

Download
memory/616-69-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/676-59-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/676-61-0x0000000000590000-0x0000000000629000-memory.dmp

Filesize
612KB

Download
memory/676-62-0x0000000004AF0000-0x0000000004AF1000-memory.dmp

Filesize
4KB

Download
memory/676-63-0x00000000002C0000-0x00000000002DB000-memory.dmp

Filesize
108KB

Download
memory/676-64-0x0000000004F60000-0x0000000004FC6000-memory.dmp

Filesize
408KB

Download
memory/676-65-0x00000000004E0000-0x0000000000501000-memory.dmp

Filesize
132KB

Download