General
-
Target
Payment Date 10.07.2020.exe
-
Size
241KB
-
Sample
200713-8bxm18pg2s
-
MD5
45e1487229334c83b43db67f3c9bcd34
-
SHA1
c303a612cfcdb6be2ff6c055d941e0358f33b9af
-
SHA256
ba70b16e63725d98406a9e9da5126d9dde77fea5f3b080b5571f2553675ad8a7
-
SHA512
43ae677459f09d072a41104c1771ab30d9b64b9516b0672c2ef9e225a1c6d9387bad25f6f5943020a43bb691d922f3da0e2da980b3d55d5e7fe7d983b401c2e1
Static task
static1
Behavioral task
behavioral1
Sample
Payment Date 10.07.2020.exe
Resource
win7
Malware Config
Extracted
lokibot
http://modevin.ga/~zadmin/lmark/frega2/mode.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Payment Date 10.07.2020.exe
-
Size
241KB
-
MD5
45e1487229334c83b43db67f3c9bcd34
-
SHA1
c303a612cfcdb6be2ff6c055d941e0358f33b9af
-
SHA256
ba70b16e63725d98406a9e9da5126d9dde77fea5f3b080b5571f2553675ad8a7
-
SHA512
43ae677459f09d072a41104c1771ab30d9b64b9516b0672c2ef9e225a1c6d9387bad25f6f5943020a43bb691d922f3da0e2da980b3d55d5e7fe7d983b401c2e1
-
Blacklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-