Overview

overview

10

Static

static

SecuriteIn...41.exe

windows7-x64

10

SecuriteIn...41.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    138s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.7894.18041.exe

  • Size

    271KB

  • MD5

    94eee2b3f0cdd96443ce5b40fdfbb478

  • SHA1

    a3e3f0c0667b69f8df853cb8d81b4beb7cdf4b0c

  • SHA256

    3b035fe66db6dd547d83303dad5af3f830ad102703324606c09e0e17076495d6

  • SHA512

    eb65979eb2106ec14cc4cb1b33291166dd77046ecb9b0733758d50fbf9046381c52c96c4276fead52c85b450e2afa1fbf101f33804022ca59497270f565ffe5c

  • SSDEEP

    6144:yswLlfy4t93basZbuG3qpUgo9CGjk6yllL:eJfvP3basL3soFjjQd

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.7894.18041.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.PWSX-gen.7894.18041.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:2028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2028-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2028-55-0x00000000005BA000-0x00000000005CF000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2028-56-0x0000000000020000-0x000000000003B000-memory.dmp

    Filesize

    108KB

    Download

  • memory/2028-57-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download

  • memory/2028-58-0x00000000005BA000-0x00000000005CF000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2028-59-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

    Download