General
Target: ad511691e78c78c8bf5cb7e31b5e5fe5.exe
Size: 1.1MB
Sample: 200624-awqj6vpm66
MD5: ad511691e78c78c8bf5cb7e31b5e5fe5
SHA1: a5272e4d8c29769c04a9501d3fef43d60e534796
SHA256: 8b1e6b21b170c9f30c56b8b600884c31098629e92fabfadf563cdc486ef3c8a0
SHA512: 221aba69cc0c548b97141be7b0c7d25b4887701868b4a27abb7b4802183e2370341432a22f1605ad28b71a01fd5f1e216f9aeadc09255f03736679e850c891ab
Static task: static1
Behavioral task: behavioral1
Sample: ad511691e78c78c8bf5cb7e31b5e5fe5.exe
Resource: win7
Malware Config
Extracted
lokibot
http://b2bseller.ga/choolee/gate.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
ad511691e78c78c8bf5cb7e31b5e5fe5.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-