lokibot | 624222e2621e27d2fa7e5501300b150ab8ba8fbdd92a1ca108d641b0f34d6926

General

Target

PTI invoice of oc 4f -36..exe
Size

849KB
MD5

7d4c0543f30b67b2d2c30cc548d2b725
SHA1

dacea8e26c5e8d50f8aa65a0c76fbfc6db24c8e0
SHA256

5c932da9805dcfbf5d7188eb6e0938c13b3291cdb11be5564cb446a07cd12011
SHA512

c3a1139c74b01ebedabcb128eb8a57661c41aa1684ae244d12a1b3765bce455528ea115fa922af44720e5fedc1cfbe019c63db25d7886fb96f006db1c5b31e0a

Score

10^/10

Family

lokibot

C2

http://abixmaly.duckdns.org/binge/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
suricata: ET MALWARE LokiBot Checkin
suricata
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata
Suspicious use of SetThreadContext 1 IoCs

Processes:

PTI invoice of oc 4f -36..exe

description pid process target process

PID 1092 set thread context of 1052 1092 PTI invoice of oc 4f -36..exe PTI invoice of oc 4f -36..exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

PTI invoice of oc 4f -36..exe

pid process

1092 PTI invoice of oc 4f -36..exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

PTI invoice of oc 4f -36..exe

pid process

1052 PTI invoice of oc 4f -36..exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

PTI invoice of oc 4f -36..exePTI invoice of oc 4f -36..exe

description pid process

Token: SeDebugPrivilege 1092 PTI invoice of oc 4f -36..exe
Token: SeDebugPrivilege 1052 PTI invoice of oc 4f -36..exe

description	pid	process	target process
PID 1092 set thread context of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe

pid	process
1092	PTI invoice of oc 4f -36..exe

pid	process
1052	PTI invoice of oc 4f -36..exe

description	pid	process
Token: SeDebugPrivilege	1092	PTI invoice of oc 4f -36..exe
Token: SeDebugPrivilege	1052	PTI invoice of oc 4f -36..exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

PTI invoice of oc 4f -36..exe

description	pid	process	target process
PID 1092 wrote to memory of 1324	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1324	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1324	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1324	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe
PID 1092 wrote to memory of 1052	1092	PTI invoice of oc 4f -36..exe	PTI invoice of oc 4f -36..exe

C:\Users\Admin\AppData\Local\Temp\PTI invoice of oc 4f -36..exe
"C:\Users\Admin\AppData\Local\Temp\PTI invoice of oc 4f -36..exe"
2⤵
PID:1324

memory/1052-66-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/1052-67-0x00000000004139DE-mapping.dmp

Download
memory/1052-68-0x0000000075AF1000-0x0000000075AF3000-memory.dmp

Filesize
8KB

Download
memory/1052-69-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/1092-60-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/1092-62-0x0000000004D40000-0x0000000004D41000-memory.dmp

Filesize
4KB

Download
memory/1092-63-0x0000000000260000-0x000000000027B000-memory.dmp

Filesize
108KB

Download
memory/1092-64-0x00000000056D0000-0x0000000005731000-memory.dmp

Filesize
388KB

Download
memory/1092-65-0x00000000005D0000-0x00000000005ED000-memory.dmp

Filesize
116KB

Download