Overview

overview

10

Static

static

.csrss.exe

windows7-x64

10

.csrss.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    .csrss.exe

  • Size

    1.0MB

  • Sample

    221124-d8832seh74

  • MD5

    1235793b06610aee455d2b77309dafa3

  • SHA1

    828e562831a5eff21a521514297183bc95a56ea6

  • SHA256

    e0574e15253c6a75e46bb422234b05f6bde742fcbc5695c16b4b9d7748d3238b

  • SHA512

    e22166afaf5b2a34f1f38aa67b210bc7b7bb9a1c9f31747e219384bf3cc8c096d3b69a014b44a1c768f7d0dc7ec5a7a9b315f3d12e27f93b1d26521c06d8748e

  • SSDEEP

    24576:iAGfqdOOU3Xt5LVJ27B4czX9nRuvyyuAFgEwo4O1:wfqdOOmt5vKaiXJgqlsl

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gm14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      .csrss.exe

    • Size

      1.0MB

    • MD5

      1235793b06610aee455d2b77309dafa3

    • SHA1

      828e562831a5eff21a521514297183bc95a56ea6

    • SHA256

      e0574e15253c6a75e46bb422234b05f6bde742fcbc5695c16b4b9d7748d3238b

    • SHA512

      e22166afaf5b2a34f1f38aa67b210bc7b7bb9a1c9f31747e219384bf3cc8c096d3b69a014b44a1c768f7d0dc7ec5a7a9b315f3d12e27f93b1d26521c06d8748e

    • SSDEEP

      24576:iAGfqdOOU3Xt5LVJ27B4czX9nRuvyyuAFgEwo4O1:wfqdOOmt5vKaiXJgqlsl

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks