General
Target: SecuriteInfo.com.Trojan.MulDrop.1161.895.14575
Size: 504KB
Sample: 200801-98s75eftva
MD5: 32ffae9524a6321051248e4313c91852
SHA1: 5e28c29f740842a5eee6f2717d25f86dd3b0f752
SHA256: 6a223f3097e572a00aa6f1029bbbb6d71d66bb5bbf239177d232dca3c7f9bf33
SHA512: 60bb5521d91b14e510d10df9a21619c81724b81cf5d999f7719ca433f7d34da81b06f9cb982a4bec42e78d92b892c8181adc326669b2a0446e6adf1114468cc7
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Trojan.MulDrop.1161.895.14575.exe
  Resource: win7v200722
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Trojan.MulDrop.1161.895.14575.exe
  Resource: win10v200722
Malware Config
Extracted family: lokibot
Extracted URLs:
- http://dresson1.com/wip-admin/js/Panel/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: SecuriteInfo.com.Trojan.MulDrop.1161.895.14575 (504KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext