General
Target: new crypted.exe
Size: 599KB
Sample: 200630-hm2mbfl9dn
MD5: 528e2a7d71e7d96e8c8e59d5ebb2bd1c
SHA1: 54cd335268104d8b22d66a24796050ee48a3ac72
SHA256: 5f7ea0bdf9b037b2a19d42325085035c419f86d967814bf8f544b8eaa39841eb
SHA512: 46dd6d165fce867b2e3f3603d6c6ecbd1dd5c48d0a6ae2354fc7edf0254e2d0d6d45574db18731d73d43030322a4421614903049f6aa78aa4e144f783987b2aa
Static task: static1
Behavioral task: behavioral1
Sample: new crypted.exe
Resource: win7
Malware Config
Extracted
lokibot
airmanselectiontest.com/oo/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext