General
- Target: efda70a38598b1352a65375079811728_JaffaCakes118
- Size: 2.0MB
- Sample: 240415-akchdshd95
- MD5: efda70a38598b1352a65375079811728
- SHA1: 1557cfec1afaa932d183b2fc074c9bb8e45d62e0
- SHA256: 1637ca544019d055dc81c8d7d97f1d5944d758547016c7043361999fddaef9a4
- SHA512: ebc8b6bfcb371a3db63ae88a88f1ff8e2d7c7bbc1eda64004dc58520541a8a858f15decc2464338120ec82af39e986b5bd99c2c2eb59c64b1fcb5c4c0b4e8260
- SSDEEP: 24576:36hJXqK7s6YnFiejrt9F0TriHb3KEtCdYAAkAb/lA0xAjvAj2AAALAAADAAAeAA9:KzaK6nA8hXEWHB89
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Seoul Air Cargo SOA JULY.exe
  - Resource: win7-20240221-en

Behavioral task
- behavioral2
  - Sample: Seoul Air Cargo SOA JULY.exe
  - Resource: win10v2004-20240412-en
Malware Config
Extracted: lokibot
- http://185.227.139.5/sxisodifntose.php/YhXBwhqZTd6mE
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: Seoul Air Cargo SOA JULY.exe
- Size: 927KB
- MD5: 2d5bb98aafb25f28aa1f30b37364afb1
- SHA1: 43c653aed9c2d7ca63641453c0abc6cfad8891f7
- SHA256: af9ac07263f577041536d7c65a5aa6f9609613e7565ee6167e95e18f6f2e1110
- SHA512: 275a59b8e9a4141435e085b74e5b20f1d42436f0cf3c2d9f58b30ec96d3165fe820e3be2e12af85f9559cf00d9f56d80841b637b1934c01d32372ff676607ddd
- SSDEEP: 12288:ZUhoMJSrEXnurXBK08MdWU919swXnMFRqSO:ZI2AXnurXgJ2r9LXnMFJ
- Score: 10/10
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext