General
Target: SKMBT_28320062618070.exe
Size: 305KB
Sample: 200630-n8paft7gjs
MD5: beed61c6f7049b8775e2f2a56290e402
SHA1: 736c845087f1a147a435aaa8452fba00754edd20
SHA256: bd6db82e76d317027f409e907b46cc03a4c9591d175bcf03164c98f3e50d6aed
SHA512: bc5d272d9e53db802c4b05b39ab7b512c29f66966f8ab9804939ac77e4753feddb19b62f5f7005c355649dd844c33d47cce7c8cc2fc0d6bf338627feb3e084b4
Static task: static1
Behavioral task: behavioral1
Sample: SKMBT_28320062618070.exe
Resource: win7
Malware Config
Extracted
lokibot
http://nightmarefile.ga/Jay/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
SKMBT_28320062618070.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-