General
Target: da3789c94460dee34c317f7461236f09.exe
Size: 1.1MB
Sample: 200624-x1m9lzv9ls
MD5: da3789c94460dee34c317f7461236f09
SHA1: 3c5d9ea9767cf6e5e128c200cf397bc460891db4
SHA256: d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58
SHA512: dd0b76ade86272eac66286f7c8c28c474853644d0560c66f5463161eb67338cfe59b72b0e10852857057fa97c0f0445e4610896fd2264d8bdade2ccc5c54f77c
Static task: static1
Behavioral task: behavioral1
Sample: da3789c94460dee34c317f7461236f09.exe
Resource: win7v200430
Malware Config
Extracted
lokibot
http://104.223.170.102/typour/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: da3789c94460dee34c317f7461236f09.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-