General
Target: ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5.exe
Size: 321KB
Sample: 201020-38bpa8cfrs
MD5: 211331400846c8e81625848c08cb9b7c
SHA1: 82e7712d582d358cde56fe02998acb4c38222d5d
SHA256: ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5
SHA512: e9b5d5f299d20d03b37681c9ddc2ac92b5134a75852a04b021fde606626ac6848defd2f10cc692448c8049c3971bd9ee83c8cf4e3732414466b1b025660969c1
Static task
static1
Behavioral task
behavioral1
Sample
ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5.exe
Resource
win7v200722
Malware Config
Extracted
lokibot
http://crestmart.ga/main/l09/sfmaro/mode.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Blacklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-