General
Target: Document BL.exe
Size: 612KB
Sample: 200707-83m3vdwajx
MD5: 27769fb4bac6f2524fc6350e6d7b1db0
SHA1: b5ff1e95aed725b961aebf0358e2ed80bba5a113
SHA256: d4908eb3e61038e0ed961eef84160c92f87d5a1b8243b7b6d9b8c76d539da7fd
SHA512: 689962aa9aa63565394cb22a9691fb266566131f55a71d8c8c7ca3ebc358a876f54dd47abafc7af4b2ba2ea973c4257a02a3d3032b4b3d0899b059027d8c8670
Static task: static1
Behavioral task: behavioral1
Sample: Document BL.exe
Resource: win7
Malware Config
Extracted family: lokibot
C2 URLs:
http://lokvrtz.ga/ATZ/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
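As an added example (not part of the sandbox report), the Python below takes the five extracted C2 URLs and the sample's hashes from this page and checks them against log lines. The squid-style proxy lines and the Sysmon-style process event are constructed for the example, and the three confidence levels (exact URL, same host with another path, the same fre.php path on an unknown host) are the example's own triage scheme, not a field of the report.

```python
"""Added example, not part of the sandbox report: match the report's
extracted LokiBot C2 URLs and file hashes against log lines.
All log lines below are constructed for the example."""
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
C2_URLS = [
    "http://lokvrtz.ga/ATZ/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
SAMPLE_HASHES = {
    "md5": "27769fb4bac6f2524fc6350e6d7b1db0",
    "sha1": "b5ff1e95aed725b961aebf0358e2ed80bba5a113",
    "sha256": "d4908eb3e61038e0ed961eef84160c92f87d5a1b8243b7b6d9b8c76d539da7fd",
}

C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}   # the .../fre.php endpoints shared by all five URLs
HASH_VALUES = set(SAMPLE_HASHES.values())

URL_RE = re.compile(r"https?://[^\s\"']+")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,128}\b")  # MD5- to SHA512-sized hex runs


def classify_url(url):
    """Return the strongest indicator type a URL matches, or None.

    'url'  - exact C2 URL from the config (high confidence)
    'host' - same host, different path (triage: same infrastructure)
    'path' - unknown host but one of the config's fre.php paths (weak; possible new panel)
    """
    if url in C2_URLS:
        return "url"
    parts = urlsplit(url)
    if (parts.hostname or "").lower() in C2_HOSTS:
        return "host"
    if parts.path in C2_PATHS:
        return "path"
    return None


def scan_lines(text):
    """Return [(line_no, indicator, type)] for every IOC hit in a block of log text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            kind = classify_url(url)
            if kind:
                hits.append((n, url, kind))
        for h in HEX_RE.findall(line):
            if h.lower() in HASH_VALUES:
                hits.append((n, h.lower(), "hash"))
    return hits


# Constructed sample: squid-style proxy lines plus one Sysmon-style process event.
SAMPLE_LOG = "\n".join([
    "1594101230.101 312 10.0.0.15 TCP_MISS/200 1024 POST http://alphastand.win/alien/fre.php - HIER_DIRECT/203.0.113.7 text/html",
    "1594101231.220 100 10.0.0.16 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/198.51.100.3 text/html",
    "1594101240.013 290 10.0.0.15 TCP_MISS/404 512 POST http://kbfvzoboss.bid/alien/fre.php - HIER_DIRECT/203.0.113.9 text/html",
    "1594101250.500 150 10.0.0.17 TCP_MISS/200 700 GET http://alphastand.top/images/logo.png - HIER_DIRECT/203.0.113.10 image/png",
    "1594101260.777 305 10.0.0.15 TCP_MISS/200 900 POST http://198.51.100.20/alien/fre.php - HIER_DIRECT/198.51.100.20 text/html",
    r"Image=C:\Users\victim\Downloads\Document BL.exe Hashes=MD5=27769FB4BAC6F2524FC6350E6D7B1DB0,SHA256=D4908EB3E61038E0ED961EEF84160C92F87D5A1B8243B7B6D9B8C76D539DA7FD",
])

if __name__ == "__main__":
    for line_no, indicator, kind in scan_lines(SAMPLE_LOG):
        print(f"line {line_no}: [{kind}] {indicator}")
```

An exact URL hit is the strongest signal; a host-only hit on one of the same domains still points at the same infrastructure and is worth triage; a path-only hit is weak on its own, since fre.php is only what these five URLs share, and is best used to surface candidate panels for manual review rather than to alert.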
Targets
Target: Document BL.exe
Size: 612KB
MD5 / SHA1 / SHA256 / SHA512: same file as listed under General
Signatures
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
- Drops file in System32 directory
  Writes under the System32 directory normally require administrative rights; check which file was written and whether it is used for persistence.
- Suspicious use of SetThreadContext
  Commonly seen with process hollowing or thread hijacking: the context of a suspended thread is redirected so that it resumes in attacker-controlled code.