General
-
Target
a55d6d38e7797634af9612af2a33672ea5cdb86dbdbe60b241e070a9abe96719.exe
-
Size
661KB
-
Sample
201020-rc6a1dtv9e
-
MD5
d19f29cc0a3630336eb8926e70f74da0
-
SHA1
829cc138a9021c185315d14ecc162f9c6e8632b8
-
SHA256
a55d6d38e7797634af9612af2a33672ea5cdb86dbdbe60b241e070a9abe96719
-
SHA512
da16f8f895a08df11dd327640db9e7b6bef5ccc33f08ca19ff0d4e11cafe12e2ae6402b3ed1c992a0f3be31a6ced8fa24467938fb51253ec20c4f79e2779b80f
Static task
static1
Behavioral task
behavioral1
Sample
a55d6d38e7797634af9612af2a33672ea5cdb86dbdbe60b241e070a9abe96719.exe
Resource
win7v200722
Malware Config
Extracted
lokibot
http://mecharnise.ir/eb2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a55d6d38e7797634af9612af2a33672ea5cdb86dbdbe60b241e070a9abe96719.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Suspicious use of SetThreadContext
-