General
-
Target
33ac1abeed677145c72e052090128240_JaffaCakes118
-
Size
360KB
-
Sample
240511-kdbydsbf55
-
MD5
33ac1abeed677145c72e052090128240
-
SHA1
40749f98558e83bab556634465af0a69dd1d7e1d
-
SHA256
b764bde02596d5b472c235c8c220d84954e0a5af8d4c5219c88ced543b1b3b30
-
SHA512
8ec56fca76c85d81202fa1b20e8f08cf4708f0b74501336cd69154b19340225dcaa5d956ac41d0ad4356f25e7aac288016d1912f3c22f79a4bbf37fb640c19d0
-
SSDEEP
6144:cgHiDc5fBEVq4woFigKhPD7g5Z2xk9ae5K0FbIqQ26JAIjYLACkTmyF:c0mcWdL2PD7qJawK0pIqQ26Jbnf
Static task
static1
Behavioral task
behavioral1
Sample
NOA EVER BEING V.0885-019B.pdf.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
NOA EVER BEING V.0885-019B.pdf.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://sabzihome.com/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
NOA EVER BEING V.0885-019B.pdf.exe
-
Size
665KB
-
MD5
5565e697fe031404302628fed6d0d5e0
-
SHA1
040e597eacf7a0d1947b4bf89d65ffbef0cbc1e2
-
SHA256
90a81b30439b28f93aedd6c172dc5caf76c2f350f6c1b11eacaedc8dc80edf52
-
SHA512
fbff8f182cb4de7a00560f707e0bb48bc0f2995e94ae29b88757ad905cde6ebcd8d3f152b89e8039cb3009dd2739dd817dd28f53b3f23d92fdc4eba51bec6c19
-
SSDEEP
12288:rmp9XVk3rNq8srw+ZdKSsWItO8n+D0s+rIJDe54KZiHKkSi:QlQNqHMWKKcAFrJCdsN
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-