General
Target: PHOTOS.exe
Size: 209KB
Sample: 200630-hj7d1pf4cx
MD5: 18d2748e9b4788e5fb713aba110be1fc
SHA1: 2bedee2d79786a050fe13a95e7431acdff04ba13
SHA256: 35e98bf3fa256eb6da9c3d42ca993c1e958794020aa60c6b328e781a99439d75
SHA512: 21ad84ba8ec7b4f312aa11afa30da9010bebfa2282326b684be5638ed34bca54f4075b5718e82a76c41fe148155d3b4f45e3ddb40bec3796f13ee7e7e5bf8b9f
Static task: static1
Behavioral task: behavioral1 (Sample: PHOTOS.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: PHOTOS.exe, Resource: win10v200430)
Malware Config
Extracted: lokibot
http://siiigroup.com/blue/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: PHOTOS.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
Suspicious use of SetThreadContext