General
Target
e666a39c9ea18a7365f95fda94fe0962_JaffaCakes118
Size
841KB
Sample
240408-cn6xhsdh92
MD5
e666a39c9ea18a7365f95fda94fe0962
SHA1
c10f79d870f857452f15f4d204f1b07726344dc8
SHA256
e25f008652428767e491c4ee3baaf9f3b648a3b6ab9bc423be3c7305779b09fb
SHA512
1e69fd11c0ad4f9a5f0bcf1978063baa06700490a11f6387c33e5763f3f1a3ab7ca1795d2ae4618cb339a95e3b5363c26746f3cb56f2414ba25051ed874f4ddc
SSDEEP
24576:VHZeQMinhpw0WAiBr60WuSAwZDpff0/SBZS+K:5Z3Z40WLHgiZ
Static task
static1
Behavioral task
behavioral1
Sample
jdik4JxEILyMsaJ.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
jdik4JxEILyMsaJ.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/W9ZqiawWCXST6
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
jdik4JxEILyMsaJ.exe
Size
1.3MB
MD5
2719ed77aed07538d050e6ffd960f5ac
SHA1
52150968e889b7a28e8d327fad3b18059bc2109a
SHA256
646b7469b8447ea451720f3f0a3662923655fda17f05d6a995d16f94d4bfde15
SHA512
fd1e8d2dd6cc7236837aa2898f39e1a60d36d8db89fe523847d83aea1f4c84e4eef9a2e4002bcf1335d0a1b843f7b22af241460df22ae133a53a749afe52bfe2
SSDEEP
24576:G9qbTA/fx8DgMfx8Dg9s9HY0m+JiCEqL8UrkousQJY9O9lNyV9PZCnLL://A/58DgM58DgW48JibqAsQa9syPZCL
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext