General
Target: 7a212c998e95baab13f8f3157665d6f8da5ca82d21d11b60a9f2fe3c5e53b492.exe
Size: 589KB
Sample: 200630-8yn3f1gh8x
MD5: 9d10243d9bb92abdff699e688612de5a
SHA1: ad5b063857a7dbc03ca1b6c5c91ba897d53000ca
SHA256: 7a212c998e95baab13f8f3157665d6f8da5ca82d21d11b60a9f2fe3c5e53b492
SHA512: 12061197ce50fd4b43baa0bebeb1279df7bcea07ba929a34b3b57890b4a8a2caa72854539dd1415e4db21359ac281d4348d33d61f735da065021475d3dd8ebbd
Static task: static1
Behavioral task: behavioral1
Sample: 7a212c998e95baab13f8f3157665d6f8da5ca82d21d11b60a9f2fe3c5e53b492.exe
Resource: win7
Malware Config
Extracted
lokibot
airmanselectiontest.com/oo/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
7a212c998e95baab13f8f3157665d6f8da5ca82d21d11b60a9f2fe3c5e53b492.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext