General
Target: 3e740fea889c9009f592cd53d244363e2095601ed8b88aa5225b46643b955c5e.exe
Size: 352KB
Sample: 201020-rgt9dz9wys
MD5: af8c7bf7f50f582d3af19bfe06a8edfd
SHA1: e53270953ee138b0215bf5f2ecf7503636c88ff6
SHA256: 3e740fea889c9009f592cd53d244363e2095601ed8b88aa5225b46643b955c5e
SHA512: b974bcf8450987fc011ddb3aefc1891251d318fe00340d56fa687cbae8be932e8e28e66139f334452b5ca68709227001ee4d502cd5b281aeb6b1fc5759019edf
Static task: static1
Behavioral task: behavioral1
Sample: 3e740fea889c9009f592cd53d244363e2095601ed8b88aa5225b46643b955c5e.exe
Resource: win7
Malware Config
Extracted family: lokibot
C2 URLs:
http://ad4teg.com/cxs/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 3e740fea889c9009f592cd53d244363e2095601ed8b88aa5225b46643b955c5e.exe
Size: 352KB
MD5: af8c7bf7f50f582d3af19bfe06a8edfd
SHA1: e53270953ee138b0215bf5f2ecf7503636c88ff6
SHA256: 3e740fea889c9009f592cd53d244363e2095601ed8b88aa5225b46643b955c5e
SHA512: b974bcf8450987fc011ddb3aefc1891251d318fe00340d56fa687cbae8be932e8e28e66139f334452b5ca68709227001ee4d502cd5b281aeb6b1fc5759019edf
Signatures
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
Suspicious use of SetThreadContext