General
Target: INV 3326GHF- from Outriger General Importers Korea for acknowledgment.exe
Size: 592KB
Sample: 200630-b9dj19ck7n
MD5: 48a173cfd8c009be182b420fb276003b
SHA1: 688ab170f40065ca9b8f28a22a4297a92dfea8b4
SHA256: d1cf4da06bdbb2578c72334e19ecc794697355a13a7931711748de27b2163e44
SHA512: 06bd6d48210e8f566e3cdd0f3f94d5c61b05be64aac2123f59ddc1ba3ef22668471651d0a272c1322fc5260cc398cbbdaada8d6c7836bd8ee53ee425a1851387
Static task: static1
Behavioral task: behavioral1
Sample: INV 3326GHF- from Outriger General Importers Korea for acknowledgment.exe
Resource: win7
Malware Config
Extracted: lokibot
Targets
Target: INV 3326GHF- from Outriger General Importers Korea for acknowledgment.exe
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext