General
-
Target
24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f.exe
-
Size
231KB
-
Sample
201020-patxrrwlgs
-
MD5
ed3e155b736c7f072cd1358938e9c046
-
SHA1
e9775b2888a19d8ce4f8fa3102c175f1a9297b13
-
SHA256
24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f
-
SHA512
e2e4728a08c3e9241dc1d509743ea6a5f2b43a8af62d7c8cedf18da6cd8d44cb076414afc092f30436413fa5d7abd665bb70755d4d18ca4b878181821f8e422d
Static task
static1
Behavioral task
behavioral1
Sample
24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f.exe
Resource
win7
Malware Config
Extracted
lokibot
http://crestmart.ga/main/l09/US/mode.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f.exe
-
Blacklisted process makes network request
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-