General
Target: e499c6056afc8e822c936888061c0b4c_JaffaCakes118
Size: 215KB
Sample: 240407-le9rgshg9x
MD5: e499c6056afc8e822c936888061c0b4c
SHA1: c0179168d031e16598c785dad2df098ea5cf0eee
SHA256: c5c0c1dc1b82ded99f843bdce1ab3d44bff352bcdd6c934afe80577474738a43
SHA512: e79960b7d40d6f065df58331ddb3491d9742307016ef3aa1bf7a6527810d2d6b93d9d0f3fd5a0c3944830f23a2074b479f6ce730914e9a69aa7e336c5a1ae5d7
SSDEEP: 6144:d0JNlOJU3mruy38ltBWDlxYqYK6qBo2xNA:6JcN38rwDlx96qBRxO
Static task: static1
Behavioral task: behavioral1
Sample: RFQ file_pdf.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: RFQ file_pdf.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/rVXhi7NTm83H7
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: RFQ file_pdf.exe
Size: 238KB
MD5: 2fbb8235e4d5b5f0fba3d56b10ab411f
SHA1: 1c234bb9ab42eb4fb72fececba19cdef8725465e
SHA256: bec8e8e71bc2a00b95d339c9f19b8c40a9e17beb943df3b9abb897f56d6d671f
SHA512: 8b78693d150253c90ea5481b5f77a1a7a3bdf784cf06504d428e3f54effd5700e1bebaae263a899f5fd0af6afdcc024b309cfbd00ecccc3269d03e1c452365ec
SSDEEP: 6144:sZTrOw62etzeasJjLgkpp8HShczoQs3FgDlpgqYS6qZouiN2:yHOwh2zDCMzyhcg32Dlpn6qZvik
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext