General
-
Target
5e55e8a914c95bf2d870101f499690e9_JaffaCakes118
-
Size
350KB
-
Sample
240520-lctbqadc37
-
MD5
5e55e8a914c95bf2d870101f499690e9
-
SHA1
aa3bfb621519e33638e6b7980e75241985c9320c
-
SHA256
d4346f837594db57efc871d24c6aa589d4715a6b1e2b8aec37b32175a4d61574
-
SHA512
6827b4c5519a843b2195e7cf8484be766b932d1eab07566212a3fe66ff4f130f1ef372122f2cf9ce06292cd42414c8d89293c0cca78b97bc316bf1432eb601f5
-
SSDEEP
6144:ven2K0sZioHl/w4u65xJM0N72vOcdABTovi06/JBTaxitKA45cQdOAhR39:2n46LH+4d5IdkEa06xBT6iwwQdr/
Static task
static1
Behavioral task
behavioral1
Sample
Invoice , BL PL.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Invoice , BL PL.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
https://phiheatings.ir/lordwap/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
Invoice , BL PL.exe
-
Size
580KB
-
MD5
cfd5a9212c03d6cd24101bbb083caf72
-
SHA1
6209ac252f364abe7591d5d49f61a65b47a9b8a0
-
SHA256
10913c73533f13e0b03261b652561c4a0bba91dc00cc0a6941c0d816fc3a8069
-
SHA512
26339a771f0bc514b6d88fd8c01717bfa8b094ed52bc9420906ab28e554c5533f589a238258e579ca7c7f4f085a593d6139e09dce0f6d913b5077ebf2d0ea254
-
SSDEEP
12288:VD+78q1zTTdYWsoWDxCx5p4T6SFN9nhYv1:c7H3JYWsoW9CLp42W9n
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-