General
Target: SHIPPING_DOCS_WAN_HAI_pdf.exe
Size: 240KB
Sample: 200630-jnlvr1s28n
MD5: 9f687baad6cff9deb8ed43bbc7a383f4
SHA1: c3d355cc10d044964fdb1d563afc525b25d8e98f
SHA256: df1f012094e4d7601eecac850af54eb268691a8dd95f79fae052e6b7588780f5
SHA512: 9c8d40a4346279c9ad5add328a3695ab4a80decbcc580edcb5a998896018c63af1bc84028e6d574635c77194e7ee970b195c89724ebf59541154c7896efe45f2

Static task: static1

Behavioral task: behavioral1
Sample: SHIPPING_DOCS_WAN_HAI_pdf.exe
Resource: win7

Behavioral task: behavioral2
Sample: SHIPPING_DOCS_WAN_HAI_pdf.exe
Resource: win10v200430

Malware Config
Extracted: lokibot
http://flexpak-th.com/osama/aboki/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
Suspicious use of SetThreadContext