General
- Target: 1307741.msi
- Size: 260KB
- Sample: 200630-epss96kpjx
- MD5: 7809e01e1d5e235a89203de4c892623c
- SHA1: 697ae5ef7f232d81b66c369060882c30dc942fa8
- SHA256: 0864dbe292a5fc5e96f14f9e4164d3964660c45442f08a4151877ce4974d8ecb
- SHA512: 267dbc22fb8908707f68ce383b9e9e976707e7be1c1478c0768964e17375f91caea5f229277b77672dc0cdbcb5155b24bf03f9ee7b85889c1c6183e6e572a8a8
Static task: static1
Behavioral task: behavioral1
- Sample: 1307741.msi
- Resource: win7
Malware Config
Extracted family: lokibot
- http://crogtrt.com/rozay/pin.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 1307741.msi
- Executes dropped EXE
- Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials and similar secrets)
- Checks for installed software on the system
- Enumerates connected drives
- Modifies service
- Suspicious use of SetThreadContext