General
- Target: cdd85bef4383fa793098e9f54d5ac3fe.exe
- Size: 1.1MB
- Sample: 200624-spzrcag3y6
- MD5: cdd85bef4383fa793098e9f54d5ac3fe
- SHA1: 4e8944dd3f5e657702228937e8fe191888db0411
- SHA256: 9322b0f3acdb180dc3ff81c0cf648b26c294caddcb550a18296941d302519274
- SHA512: f2d02ee2445e826dfdb1ac52c95a96dd3b0b0f29e6e98f16f8fe3791f6e47bdf1e128915779f31c8a36396744ef73e030e758458c9581e5f3565a99c76810228
Static task: static1
Behavioral task: behavioral1
- Sample: cdd85bef4383fa793098e9f54d5ac3fe.exe
- Resource: win7v200430
Malware Config
Extracted: lokibot
- http://104.223.170.102/typour/Panel/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: cdd85bef4383fa793098e9f54d5ac3fe.exe
- Size: 1.1MB
- MD5: cdd85bef4383fa793098e9f54d5ac3fe
- SHA1: 4e8944dd3f5e657702228937e8fe191888db0411
- SHA256: 9322b0f3acdb180dc3ff81c0cf648b26c294caddcb550a18296941d302519274
- SHA512: f2d02ee2445e826dfdb1ac52c95a96dd3b0b0f29e6e98f16f8fe3791f6e47bdf1e128915779f31c8a36396744ef73e030e758458c9581e5f3565a99c76810228
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Suspicious use of SetThreadContext