General
Target: Swift Copy .exe
Size: 204KB
Sample: 200630-yawt549ten
MD5: 3e16daba50a8be623cd5378cd88a7da9
SHA1: 8735613fbca79fb408ebe11568a5e9a6c03af556
SHA256: 7377850f0f7622852b75f56e363578aef1b24d85938525a1ea4364ec1b41c9c3
SHA512: bee5356f34c2bb259845e93583c57d93cf1b4675cb5218e5ace6955c1def4255a072705b5783cf4ef06fd474e687e102e03f50aa13d38ac487b00baba14f2520
Static task: static1
Behavioral task: behavioral1
Sample: Swift Copy .exe
Resource: win7v200430
Malware Config
Extracted: lokibot
C2 URLs:
http://siiigroup.com/gst/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Swift Copy .exe
Reads user/profile data of web browsers: infostealers commonly target stored browser data, which can include saved credentials and similar stored data.
Suspicious use of SetThreadContext