General
-
Target
SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe
-
Size
673KB
-
Sample
200731-y72nvcwrb2
-
MD5
29b2cd758504e00f56cc7d3c00b931b0
-
SHA1
69980dd99c9fb7d9387ebaec61ca1b7825bd7581
-
SHA256
94630a91f277bfe6a933d9db3f55cf7b6508979474440bc1639b1dd763169869
-
SHA512
0f5f6cfb9367e62477f4a42647ce002e6a26b7cd2504846132e02e5f0b6c894d34b75c2d025bbeb86ffdd905f6e57f5b4b1529fb5ece7deaf658f347d3b7ad99
Static task
static1
Behavioral task
behavioral1
Sample
SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe
Resource
win7v200722
Malware Config
Extracted
lokibot
http://195.69.140.147/.op/cr.php/TAvyWQRo1IIY4
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Suspicious use of SetThreadContext
-