General
- Target: 1b436cf860cb4e1beb66ee4534d41b2f.exe
- Size: 926KB
- Sample: 200731-qys19jrvcs
- MD5: 1b436cf860cb4e1beb66ee4534d41b2f
- SHA1: 656f8f3c4a9e271bf91098947df89d25730aa9ff
- SHA256: b6c1578da26c1c35f1806ae0c80d2cd81817a2e9de0a69e72f0b9dcd3013cc3f
- SHA512: 114797d1f6d89c56f8228f516804cfd7eadee04b5442f32546b3924280dcdcc96cab9d88ed04e474e7ca1471f4444207a9aba1665dbf84c07cdcaefe4de81749
Static task: static1
Behavioral task: behavioral1
- Sample: 1b436cf860cb4e1beb66ee4534d41b2f.exe
- Resource: win7
Malware Config
Extracted: lokibot
- http://104.223.143.234/coconut/Panel/Panel/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 1b436cf860cb4e1beb66ee4534d41b2f.exe
- Size: 926KB
- MD5: 1b436cf860cb4e1beb66ee4534d41b2f
- SHA1: 656f8f3c4a9e271bf91098947df89d25730aa9ff
- SHA256: b6c1578da26c1c35f1806ae0c80d2cd81817a2e9de0a69e72f0b9dcd3013cc3f
- SHA512: 114797d1f6d89c56f8228f516804cfd7eadee04b5442f32546b3924280dcdcc96cab9d88ed04e474e7ca1471f4444207a9aba1665dbf84c07cdcaefe4de81749
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext