General
Target: 94c914046132fd797e130cf9f1844b2ff83ae5de8427d91a7c42eb97ac9c0d2f.exe
Size: 312KB
Sample: 200529-ejjswpnv7n
MD5: c7c69571e1cec97508061c0f74b82990
SHA1: 346cf5281e30410b18eee22081570b5b871d1b75
SHA256: 94c914046132fd797e130cf9f1844b2ff83ae5de8427d91a7c42eb97ac9c0d2f
SHA512: 066f0822cd632f192db558634dba57154870e10dc320cc8cfe405372ad3f096a9fcc835dbbce211599685b65a376b8f1e717088fe2ce1ff6bb84e36e5edc318b
Static task
static1
Behavioral task
behavioral1
Sample
94c914046132fd797e130cf9f1844b2ff83ae5de8427d91a7c42eb97ac9c0d2f.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
94c914046132fd797e130cf9f1844b2ff83ae5de8427d91a7c42eb97ac9c0d2f.exe
Resource
win10v200430
Malware Config
Extracted
lokibot
http://198.23.200.239/~boxing/.tcsogb/vc.php/PEcJl1aDhYHqQ
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
94c914046132fd797e130cf9f1844b2ff83ae5de8427d91a7c42eb97ac9c0d2f.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Suspicious use of SetThreadContext