General
-
Target
b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9.exe
-
Size
594KB
-
Sample
200529-76pjmhvzta
-
MD5
c5dffe2ac05bc45d1cada578d4aa29d9
-
SHA1
d250030143d84168e640f202ebb09197fd0abdd6
-
SHA256
b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9
-
SHA512
35c96a7d91da53031c3fc2c18505e834f22f8a58faddc1e1100b34ea970707d8e2728e552ae5d32694cce346c33d3f911d68922c83a925356cbe9d051f34cfa6
Static task
static1
Behavioral task
behavioral1
Sample
b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9.exe
Resource
win7v200430
Malware Config
Extracted
lokibot
http://rob1nsonus.tk/Obi/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, such as saved credentials.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-