General
Target: 4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf.exe
Size: 265KB
Sample: 200529-g78nbqb5ps
MD5: 9da76ccff3dba8b0a81bcaa89e16eb0a
SHA1: c101fab4d20ea8848870caffb88a5f7cce06c8aa
SHA256: 4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf
SHA512: 704e0030b8ba9f6c25165b10c10047d850a0bf448f926e67781236fb0e8ef93deac531f9a97458297993da7a279d22d2c8957975c1517b58731a55b8195a0489
Static task: static1
Behavioral task: behavioral1
Sample: 4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf.exe
Resource: win7v200430
Malware Config
Extracted
lokibot
http://20gharch.ir/catalog/mike/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.

Suspicious use of SetThreadContext