lokibot | 120cacb24dddf38d691c51a2f8fcce313574c5edbe35d00bae9d654968d7389a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13-05-2024 13:05

Target

heathzx.scr.exe
Size

475KB
MD5

ef7dcebf0a73f49ded7f17ba4b3c1597
SHA1

e2f6a9664fe8b53e82932491a963f3b3a15dc8a1
SHA256

120cacb24dddf38d691c51a2f8fcce313574c5edbe35d00bae9d654968d7389a
SHA512

79dd1d828effff5953d497405b009da0298215975aa2790eb9c9d2d519f9ff34cdb8b9f4634be82fd107b9b9bd9bce299334deba2e338cb0f2d78b9c044fcc23
SSDEEP

6144:8ApnvFMLzuP4RAu1icAp9/7ZxWgwxahXL92z2D8eYqzwcbL+6MyryXpZ+UnS1GKf:8kxwwJxWdahRg2ZHq6Myry1WQwLX

Score

10^/10

Family

lokibot

http://spencerstuartllc.top/evie2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
trojan spyware stealer lokibot
Suspicious use of SetThreadContext 1 IoCs

Processes:

heathzx.scr.exe

description pid process target process

PID 2284 set thread context of 2972 2284 heathzx.scr.exe heathzx.scr.exe

description	pid	process	target process
PID 2284 set thread context of 2972	2284	heathzx.scr.exe	heathzx.scr.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

heathzx.scr.exe

description	pid	process	target process
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe
PID 2284 wrote to memory of 2972	2284	heathzx.scr.exe	heathzx.scr.exe

C:\Users\Admin\AppData\Local\Temp\heathzx.scr.exe
"C:\Users\Admin\AppData\Local\Temp\heathzx.scr.exe"
2⤵
PID:2972

memory/2284-0-0x00000000742DE000-0x00000000742DF000-memory.dmp

Filesize
4KB

Download
memory/2284-1-0x0000000000080000-0x00000000000FE000-memory.dmp

Filesize
504KB

Download
memory/2284-2-0x0000000000580000-0x00000000005CE000-memory.dmp

Filesize
312KB

Download
memory/2284-3-0x0000000000640000-0x0000000000648000-memory.dmp

Filesize
32KB

Download
memory/2284-18-0x00000000742D0000-0x00000000749BE000-memory.dmp

Filesize
6.9MB

Download
memory/2284-17-0x00000000742D0000-0x00000000749BE000-memory.dmp

Filesize
6.9MB

Download
memory/2972-15-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download
memory/2972-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2972-11-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download
memory/2972-9-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download
memory/2972-7-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download
memory/2972-6-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download
memory/2972-4-0x0000000000110000-0x00000000001B2000-memory.dmp

Filesize
648KB

Download