General
Target: eb10f63dfbef8562e34771e306f52c8a.exe
Size: 100KB
Sample: 200731-djnxcwgwgn
MD5: eb10f63dfbef8562e34771e306f52c8a
SHA1: daad8c52400fbdcec0a1f8365d3a061087ada11d
SHA256: b64ddd178d652c5432004449edc53fea2abdba8633259b4d8b329e1c8484e98a
SHA512: a426eb862442ea9b92d927df935fc49ccffa3f965be9493cedda03c6a4d2c0d7361073d10a431b9f012e1adca867b8f3e161e291fe0c4372beb84dfe70968219
Static task: static1
Behavioral task: behavioral1
Sample: eb10f63dfbef8562e34771e306f52c8a.exe
Resource: win7
Malware Config
Extracted
lokibot
http://104.223.143.234/coconut/Panel/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
eb10f63dfbef8562e34771e306f52c8a.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Uses the VBS compiler for execution

Suspicious use of SetThreadContext