General
Target: Quotation_pdf.exe
Size: 363KB
Sample: 200731-5x4prdzfg6
MD5: de7567dcc1d3608f5c45cadcc56b6b30
SHA1: 19c2de0a634d65fb3312ea2e5c71298369685648
SHA256: 74e6a167dff835aee34f4896f9745ef7113baefbb8bf0610c4ec8e1827c79f2e
SHA512: a6a638cf9036b55401695255a41f54827c1007814d4a0e47de827c098583106dbeac3b10e64604e68ae3c86d975ad8abf5ead04e4b701388d9b5e8ef5db43902
Static task: static1
Behavioral task: behavioral1
Sample: Quotation_pdf.exe
Resource: win7v200722
Malware Config
Extracted family: lokibot
Extracted C2 URLs:
http://modevin.ga/~zadmin/lmark/gld/mode.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Quotation_pdf.exe (363KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers such as LokiBot harvest stored browser data, which can include saved credentials, cookies and form autofill entries, and send it to the C2 URLs extracted above.
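An added example, not part of the sandbox report, that puts the report's IOCs to use: it compares file digests against the MD5/SHA1/SHA256 listed above and scans proxy log lines for requests to the extracted C2 URLs. The proxy-log format, the `LOG_RE` pattern and the `SAMPLE_LOG` lines are constructed for the demo; adapt the regex to whatever your proxy actually writes. A request to a C2 host on a different path is still reported, because the same panel host may serve other gate paths and DNS or proxy blocking keys on the host anyway.

```python
# Added example (not part of the sandbox report): check file digests and
# proxy-log lines against the IOCs above. Log format is constructed.
import hashlib
import re
from urllib.parse import urlsplit

# Hashes and C2 URLs copied from the report.
SAMPLE_HASHES = {
    "md5": "de7567dcc1d3608f5c45cadcc56b6b30",
    "sha1": "19c2de0a634d65fb3312ea2e5c71298369685648",
    "sha256": "74e6a167dff835aee34f4896f9745ef7113baefbb8bf0610c4ec8e1827c79f2e",
}
C2_URLS = [
    "http://modevin.ga/~zadmin/lmark/gld/mode.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_URL_SET = {u.lower() for u in C2_URLS}
C2_HOSTS = {urlsplit(u).hostname.lower() for u in C2_URLS}


def match_digests(digests):
    """Return the algorithms whose digest equals the report's value.

    `digests` maps algorithm name to hex digest (e.g. from an EDR file
    inventory). Comparison is case-insensitive because some tools emit
    upper-case hex.
    """
    return sorted(
        algo for algo, ioc in SAMPLE_HASHES.items()
        if digests.get(algo, "").lower() == ioc
    )


def match_file_bytes(data):
    """Hash raw file contents and compare against the IOC hashes."""
    digests = {a: hashlib.new(a, data).hexdigest() for a in SAMPLE_HASHES}
    return match_digests(digests)


# Constructed proxy-log format: "<ts> <client> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def scan_proxy_log(lines):
    """Flag requests to any C2 host; record whether the full URL matched."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line: skip, do not crash
        url = m.group("url")
        host = (urlsplit(url).hostname or "").lower()  # hostname is case-folded
        if host in C2_HOSTS:
            hits.append({
                "client": m.group("client"),
                "method": m.group("method"),
                "host": host,
                "url": url,
                "exact_url": url.lower() in C2_URL_SET,
            })
    return hits


# Constructed sample log lines for the demo (not real traffic).
SAMPLE_LOG = [
    "2020-07-31T10:01:02Z 10.0.0.21 GET http://example.com/index.html 200",
    "2020-07-31T10:01:05Z 10.0.0.21 POST http://kbfvzoboss.bid/alien/fre.php 404",
    "2020-07-31T10:01:09Z 10.0.0.33 GET http://ALPHASTAND.trade/alien/other.php 200",
    "this line is garbage and must not break the scan",
]

if __name__ == "__main__":
    print(match_file_bytes(b"not the sample"))  # []
    print(match_digests({"sha256": SAMPLE_HASHES["sha256"].upper()}))  # ['sha256']
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The 404 on the POST to fre.php is worth noting in triage: LokiBot gates frequently go offline or get sinkholed, and a failed beacon is still a confirmed infection attempt from that client.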