General
-
Target
5292e67eef4608fef9fbd9df4909fdb814b964c0c44970328bc632f30e52f1eb.exe
-
Size
646KB
-
Sample
200708-6emj1za296
-
MD5
326f92541289d653456900e9b7afb9ec
-
SHA1
4566b6195e555853703d1ea628f6ca828033e658
-
SHA256
5292e67eef4608fef9fbd9df4909fdb814b964c0c44970328bc632f30e52f1eb
-
SHA512
08ff3c75dc1d45e1d8d1c7cf00485698ac21b34a5c29ecdca12949d419caabde58071d45b9fc22cd468a829ce1f3a795ced62d1021f0ddc8025720918aea84a1
Static task
static1
Behavioral task
behavioral1
Sample
5292e67eef4608fef9fbd9df4909fdb814b964c0c44970328bc632f30e52f1eb.exe
Resource
win7
Malware Config
Extracted
lokibot
http://t-mk.me/blessed/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
5292e67eef4608fef9fbd9df4909fdb814b964c0c44970328bc632f30e52f1eb.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-