General
Target: KHFOPL.exe
Size: 329KB
Sample: 200731-slfd2e7zsa
MD5: bbea4121c22c72511cd75c29fc4f2dcd
SHA1: 89a363f16b4357c82a9d5c280a6d1c970a936f28
SHA256: a550b01785417d0c802740cb128aa26d4415414458b87877b634bed5c2694ad5
SHA512: cd1fd7e1555c6844cb7e38d3f5962a33f4eb08ab1459c4f29ebe69d0feb5946e0f3a06136bca923e30bc2943000b8cfdde26b523694020b267e1fb716abfc81e
Static task: static1
Behavioral task: behavioral1
Sample: KHFOPL.exe
Resource: win7v200722
Behavioral task: behavioral2
Sample: KHFOPL.exe
Resource: win10
Malware Config
Extracted
lokibot
http://104.223.143.234/coconut/Panel/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: KHFOPL.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, among other things.
-
Suspicious use of SetThreadContext
-