General
-
Target
06-07-2020_Doc.exe
-
Size
332KB
-
Sample
200707-j8py3qmdv6
-
MD5
dd03071b4a17130fcff4f9fb5b4fd533
-
SHA1
8a038e1ed5dcede0207e2267890a7dc9393d28ef
-
SHA256
404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c
-
SHA512
6f94f89dda5c2e6bca2a61219cfa30631751c3dce73c375b9515fb2493ae5709be18ba23f0eb9b06cd6e2a30af50e2dbd6326c06305569bb64a75aca3f736c8e
Static task
static1
Behavioral task
behavioral1
Sample
06-07-2020_Doc.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
06-07-2020_Doc.exe
Resource
win10
Malware Config
Extracted
lokibot
http://195.69.140.147/.op/cr.php/xbqxHCR0T1UiD
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
06-07-2020_Doc.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Suspicious use of SetThreadContext
-