General
Target: c8e3eadfa58c43d0348a1e1fe5b2549f65dbd782cdff1c48087866f4349e3d53.exe
Size: 620KB
Sample: 201020-tg5pwvjhsj
MD5: 53c08a98afc92f6907dbac36d81b1f1d
SHA1: e0881ce0c01b508b9e25395b72c23033f8171fa3
SHA256: c8e3eadfa58c43d0348a1e1fe5b2549f65dbd782cdff1c48087866f4349e3d53
SHA512: 17d26777ad30424871e55c0760b530fb91402e7617bf1fd52fb7c6219f6ca5c757568be3845bcdec561e66009b034a06f2b803bf825178bf36bc125b7a147727
Static task: static1
Behavioral task: behavioral1
Sample: c8e3eadfa58c43d0348a1e1fe5b2549f65dbd782cdff1c48087866f4349e3d53.exe
Resource: win7
Malware Config
Extracted
lokibot
http://heliopoliss.com/kiriko/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: c8e3eadfa58c43d0348a1e1fe5b2549f65dbd782cdff1c48087866f4349e3d53.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext