General
Target: Purchase order.exe
Size: 314KB
Sample: 200630-ts56psv2ca
MD5: 329e5766ebd9bbca8a790ee427e6a8a5
SHA1: 991d19b31d93f4e8a572ef79307921f33b7d8dab
SHA256: e7eb633b0bc14a4fee184364a31783aab035800613f4dde15a84f87243cf9879
SHA512: 21158e909e82cedd662506e0279113450678d4e1954cdb104ef0b2d3f5df7fbf5370d6bab12607a14c0300640f866d879ad8d80fc950962c3c4ee187f93e8ead

Static task: static1
Behavioral task: behavioral1
Sample: Purchase order.exe
Resource: win7

Malware Config
Extracted: lokibot
http://slimfile.cf/Slim/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Targets
Target: Purchase order.exe
Size: 314KB
MD5: 329e5766ebd9bbca8a790ee427e6a8a5
SHA1: 991d19b31d93f4e8a572ef79307921f33b7d8dab
SHA256: e7eb633b0bc14a4fee184364a31783aab035800613f4dde15a84f87243cf9879
SHA512: 21158e909e82cedd662506e0279113450678d4e1954cdb104ef0b2d3f5df7fbf5370d6bab12607a14c0300640f866d879ad8d80fc950962c3c4ee187f93e8ead

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext