lokibot | c3338e8d8bb652e897c624f3380e1432eb1c4c93091b64dd28abc3cfa02fa804

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 06:44

Target

ccfc8289ea1ad3acab95de0c1e65eb2c.exe
Size

990KB
MD5

ccfc8289ea1ad3acab95de0c1e65eb2c
SHA1

b38ece908f2ffec164f1f19619b16d6bca5d0614
SHA256

c3338e8d8bb652e897c624f3380e1432eb1c4c93091b64dd28abc3cfa02fa804
SHA512

b69ff9be50478e7c08216312c2002b46a841f2a233a5a5a895612752b464058d51d11b857fd9c041d0d053dc781a46f2ff3ee7f0c230be2db1bbf3186390bf2a
SSDEEP

24576:SxlH0Rs/WSwTwT2gzlthO/GNuD6FOPSKfBbWyq0:OlH0Rs/cQ2AthO/GNuD6FOPSKJbW

Score

10^/10

Family

lokibot

http://rocheholding.top/evie3/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Suspicious use of SetThreadContext 1 IoCs

Processes:

ccfc8289ea1ad3acab95de0c1e65eb2c.exe

description pid process target process

PID 2872 set thread context of 4428 2872 ccfc8289ea1ad3acab95de0c1e65eb2c.exe ccfc8289ea1ad3acab95de0c1e65eb2c.exe

description	pid	process	target process
PID 2872 set thread context of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

ccfc8289ea1ad3acab95de0c1e65eb2c.exe

description	pid	process	target process
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe
PID 2872 wrote to memory of 4428	2872	ccfc8289ea1ad3acab95de0c1e65eb2c.exe	ccfc8289ea1ad3acab95de0c1e65eb2c.exe

C:\Users\Admin\AppData\Local\Temp\ccfc8289ea1ad3acab95de0c1e65eb2c.exe
"C:\Users\Admin\AppData\Local\Temp\ccfc8289ea1ad3acab95de0c1e65eb2c.exe"
2⤵
PID:4428

memory/2872-0-0x000000007480E000-0x000000007480F000-memory.dmp

Filesize
4KB

Download
memory/2872-1-0x0000000000B40000-0x0000000000C3E000-memory.dmp

Filesize
1016KB

Download
memory/2872-2-0x00000000055C0000-0x000000000560E000-memory.dmp

Filesize
312KB

Download
memory/2872-3-0x0000000005E90000-0x0000000006434000-memory.dmp

Filesize
5.6MB

Download
memory/2872-4-0x0000000005700000-0x0000000005792000-memory.dmp

Filesize
584KB

Download
memory/2872-5-0x00000000058E0000-0x000000000597C000-memory.dmp

Filesize
624KB

Download
memory/2872-6-0x00000000056B0000-0x00000000056B8000-memory.dmp

Filesize
32KB

Download
memory/2872-7-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/2872-12-0x0000000074800000-0x0000000074FB0000-memory.dmp

Filesize
7.7MB

Download
memory/4428-9-0x0000000000700000-0x00000000007A2000-memory.dmp

Filesize
648KB

Download