General
-
Target
updated file_pdf.exe
-
Size
914KB
-
Sample
200629-spx46twcea
-
MD5
7a3e1f5c0c498fc33db2702be21d2073
-
SHA1
298d99bd858bdf19a2874a5e8bd5f655c7695974
-
SHA256
0c287d78aae1e3f907ce09a6750eea328153e32598726a505651ab5ca1ee573e
-
SHA512
47773a2b34a887d9a9ab57cf9a5765960066822eeac9458a0a218de99cef275ab6ddd767784be4d3176e40c2e7f924b006b2b2dcc391f17f95e3e92b4656b7ac
Static task
static1
Behavioral task
behavioral1
Sample
updated file_pdf.exe
Resource
win7
Malware Config
Extracted
lokibot
http://195.69.140.147/.op/cr.php/SczbkxCQZQyVr
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
updated file_pdf.exe
-
Size
914KB
-
MD5
7a3e1f5c0c498fc33db2702be21d2073
-
SHA1
298d99bd858bdf19a2874a5e8bd5f655c7695974
-
SHA256
0c287d78aae1e3f907ce09a6750eea328153e32598726a505651ab5ca1ee573e
-
SHA512
47773a2b34a887d9a9ab57cf9a5765960066822eeac9458a0a218de99cef275ab6ddd767784be4d3176e40c2e7f924b006b2b2dcc391f17f95e3e92b4656b7ac
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-