General
-
Target
1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c.exe
-
Size
661KB
-
Sample
200708-h8etmaz8gx
-
MD5
096a791524b9ff0ee657822bc7c4636b
-
SHA1
fa3c732f69b3cd83e35a3edda7109df021b74e91
-
SHA256
1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c
-
SHA512
950f53cd4210cebeaf7a353a7d4966a5ca25b7f5494548f04aa8287e298753d27250d1b416ad5cda08d68cb60f902d1d4fdd95be7f33fbe9617beeefb7614f03
Static task
static1
Behavioral task
behavioral1
Sample
1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c.exe
Resource
win7v200430
Malware Config
Extracted
lokibot
http://mygreencity.in/scripts/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Suspicious use of SetThreadContext
-