General

Target: engineserv.exe
Size: 589KB
Sample: 200630-enf2lx7lp2
MD5: b161e6ed6d212e7a36026eaed1f3d902
SHA1: 555a223b93c90cd3f11bf3263abe9a2e16effed1
SHA256: 191c7c47fec63f29c5409e19a59ae3545295928a2e0e5f83a64ce64d1e2f0c1d
SHA512: 53371672ae08b1defd099e686137067dbe76392ecefccb6c6d6f1f08c62916b00fe9e909517c22ef1590d6face462e45be4b0be9d0b9c28a84b6fa7084e832bc
Static task: static1
Behavioral task: behavioral1
Sample: engineserv.exe
Resource: win7
Malware Config

Extracted family: lokibot
Extracted C2 URLs:
http://mecharnise.ir/ea3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

Suspicious use of SetThreadContext