General
Target: gggggg.exe
Size: 595KB
Sample: 200630-fg8q7v9cq6
MD5: 0b3d8c968da5b6f60ea1d3446eff639f
SHA1: 7b83d3d57f2ec601d69ebde3d8fd8c353264cc6c
SHA256: 15c31a91c8a5800ebc18b89898bda6da921fa0b672ee4f0de742a4ef964b7ed7
SHA512: c84eabd6623533ec79b0038654121207ab7a31bbd79476825875a28bfd57dcacde9ce6c443c7d58798ae00810e0c98b8a2bbdbebb6cbc4076f5275d87ff33108
Static task: static1
Behavioral task: behavioral1
Sample: gggggg.exe
Resource: win7v200430
Malware Config
Extracted: lokibot
Targets
Target: gggggg.exe (595KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Reads user/profile data of web browsers: infostealers often target stored browser data, such as saved credentials.
Suspicious use of SetThreadContext