General
Target: gunzipped
Size: 594KB
Sample: 200630-caxwwwf14s
MD5: daf20ae31ae380066f03d7b90f828735
SHA1: 10b8fa6f1c261e2bf004ef7a939c3b160e2a53e2
SHA256: ffb7ccb5a829c474cf0548ad26fc01c6ddeaa58650faa6ba764c6ab83b0cb268
SHA512: 42705d44aee3fc72949bbe9ba39d863d7704e141d99f7c75195f05e30903093cdf93c962b2237397109a42eba6938093925c80ad7afeb040ef65764420c7fe32
Tasks
Static task: static1
Behavioral task: behavioral1
Sample: gunzipped.exe
Resource: win7v200430
Malware Config
Extracted family: lokibot
C2 URLs (extracted from the sample's configuration):
- http://79.124.8.8/plesk-site-preview/chongelctricals.com/http/79.124.8.8/legend/Panel/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: gunzipped (594KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
Signatures:
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
- Suspicious use of SetThreadContext