General
Target: scan009 ig1.exe
Size: 1MB
Sample: 200624-x28avytfa2
MD5: c47fd53d0dfebbae28c88b4e49fc2a30
SHA1: 887fb8463245cc9eea086862670e1ed8109547a7
SHA256: 6cae16bed5ff47f64986860e163db4499ca5a75e12e36a334a092d3865249bf1
SHA512: ddec441d7236b4812557492bd2b6f9c34e639a15db3ce121760e1f7b904cdc7386bef1b087b31cc122d69c1f785937588e25844f44f1e86cab9decce8dc80eca
Static task
static1
Malware Config
Extracted
lokibot
http://shehig.com/ig1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
scan009 ig1.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext