General
-
Target
c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016.exe
-
Size
595KB
-
Sample
200529-w42tz5v84e
-
MD5
782040dfe7a260370bfb081fb3c1086c
-
SHA1
bcff1188aff971286210fc3a2e4ed437a76607a1
-
SHA256
c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016
-
SHA512
e84cb30fc711969bbe0aabf0285d76876d07fa3f17160798b50bb0607c522a3769e56d623f72ae64fb49989e5ba9bec319e024aa63cd2dbcc202cfbf2b55528f
Static task
static1
Behavioral task
behavioral1
Sample
c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016.exe
Resource
win7v200430
Malware Config
Extracted
lokibot
http://superson.cf/Darren/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-