General
Target: skyloki.exe
Size: 590KB
Sample: 200630-6gek38m3jn
MD5: 7a4fecfb081558abdf31db63ff8998aa
SHA1: aa43d3db8b1fd45d77cde6509407cd74ac2c4b52
SHA256: 9f1e52fff719e7a27c64308c5bc17eb7bc77330f69c4afd318686447474e0f13
SHA512: 5c4cf70b106a742847d2ebcfe8d26db199af513c4e547632834cdb910c7f56528e68a1b9ac64a867334be7f7a472fcc377b25098740b1355a87163e900f4bc54
Static task: static1
Behavioral task: behavioral1
  Sample: skyloki.exe
  Resource: win7
Malware Config
Extracted family: lokibot
C2 URLs:
  http://koreanbeautyexpert.com/wp-includes/juj/fre.php
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
Targets
Target: skyloki.exe
Size: 590KB
MD5: 7a4fecfb081558abdf31db63ff8998aa
SHA1: aa43d3db8b1fd45d77cde6509407cd74ac2c4b52
SHA256: 9f1e52fff719e7a27c64308c5bc17eb7bc77330f69c4afd318686447474e0f13
SHA512: 5c4cf70b106a742847d2ebcfe8d26db199af513c4e547632834cdb910c7f56528e68a1b9ac64a867334be7f7a472fcc377b25098740b1355a87163e900f4bc54
Signatures
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.
Suspicious use of SetThreadContext
  SetThreadContext applied to another process's thread is a common building block of code injection; correlate this with process creation and network events from the same sample.