General

Target: Payment Pdf.exe
Size: 608KB
Sample: 200731-y613ptlg8s
MD5: 76747e6f8ac80f5b1835a47a9342ddca
SHA1: 5ff4bca1c0e52a4d3e8cb2d2955a3fea53da58bb
SHA256: 3235eeb992191113c5427d8d3991440e6209fc255a2219c2676197259c2dd510
SHA512: 2d42cef5660f3b131a239f1bb502f907cfb64ab3c1c89991826ca11ff04f7899a9e2b4400873b4f9be50db8c5878317e59f40182fd4f44f8a34047fea5ecd575

Note: the file name "Payment Pdf.exe" imitates a PDF invoice but the file is a Windows executable; the document-looking name is the delivery lure.

Static task: static1

Behavioral task: behavioral1
Sample: Payment Pdf.exe
Resource: win7v200722

Behavioral task: behavioral2
Sample: Payment Pdf.exe
Resource: win10v200722

Malware Config

Extracted family: lokibot
C2 gate URLs (the sample posts harvested data to these; all five share the fre.php gate path and should be blocked and monitored as a set):
http://mecharnise.ir/sto/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
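The hashes and C2 URLs above are the indicators a defender takes away from this report. The following Python is an added example, not code from the report or the sandbox: it matches the extracted gate URLs against proxy-log lines (both exact host+path hits and host-only hits, since the family rotates gate domains and paths) and compares a file's digests with the listed hashes. The log line format, the log lines themselves and the input bytes are constructed assumptions for the example.

```python
"""Added example (not part of the report): match the Lokibot indicators above
against file hashes and constructed proxy-log lines.

The C2 URLs and hashes come from the report; the log format and log lines are
assumptions constructed for this example.
"""
import hashlib
from urllib.parse import urlsplit

# C2 gate URLs extracted from the sample's configuration (from the report)
C2_URLS = [
    "http://mecharnise.ir/sto/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Digests of Payment Pdf.exe (from the report)
SAMPLE_HASHES = {
    "md5": "76747e6f8ac80f5b1835a47a9342ddca",
    "sha1": "5ff4bca1c0e52a4d3e8cb2d2955a3fea53da58bb",
    "sha256": "3235eeb992191113c5427d8d3991440e6209fc255a2219c2676197259c2dd510",
}

# Constructed proxy log (assumption): "<timestamp> <client ip> <method> <url> <status>"
SAMPLE_PROXY_LOG = """\
2020-07-31T09:12:44Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404
2020-07-31T09:12:45Z 10.0.0.15 POST http://alphastand.trade/alien/fre.php 200
2020-07-31T09:13:01Z 10.0.0.22 GET http://www.example.com/index.html 200
2020-07-31T09:13:09Z 10.0.0.15 GET http://MECHARNISE.IR/sto/other.php 200
"""


def c2_index(urls):
    """Build lookup sets: exact (host, path) pairs and bare hosts.

    Hosts are lower-cased so that case differences in logs do not hide a hit.
    """
    pairs = set()
    hosts = set()
    for u in urls:
        parts = urlsplit(u)
        host = parts.hostname.lower()
        pairs.add((host, parts.path))
        hosts.add(host)
    return pairs, hosts


def match_proxy_log(log_text, urls=C2_URLS):
    """Return one hit dict per log line that touches a C2 host.

    level "url"  : host and path both match an extracted gate URL
    level "host" : only the host matches (the family rotates gate paths and
                   domains, so a host-only hit is still worth an alert)
    """
    pairs, hosts = c2_index(urls)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash on them
        ts, src, method, url, status = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in hosts:
            continue
        level = "url" if (host, parts.path) in pairs else "host"
        hits.append({"ts": ts, "src": src, "method": method,
                     "url": url, "status": status, "level": level})
    return hits


def hashes_of(data):
    """Hex digests of a byte string for the three algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def is_known_sample(data):
    """True only if every listed digest matches; a partial match means the
    report and the file disagree and should be investigated, not trusted."""
    digests = hashes_of(data)
    return all(digests[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{hit['level']:4} {hit['src']} {hit['method']} {hit['url']}")
    # constructed bytes, not the real sample, so this prints False
    print(is_known_sample(b"not the real sample"))
```

Run as-is it reports two exact gate hits and one host-only hit from the constructed log, all from the same client, which is the pattern to pivot on: the infected host tries the gates in order until one answers. Point match_proxy_log at real proxy output by adapting the five-field split to the log format in use.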
Targets

Target: Payment Pdf.exe
Size: 608KB
Hashes: identical to the General section above (same file)

Signatures:

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process, typically one created suspended, is the step that redirects execution to injected code in process hollowing and similar injection techniques.