General
Target: 9bb95042a017e92103c34f358c19320a_JaffaCakes118
Size: 344KB
Sample: 240610-x1k6ssxdka
MD5: 9bb95042a017e92103c34f358c19320a
SHA1: 61606b03fb9777145da257d982a65eba60d0b7cd
SHA256: 01ba9bd818a251204f2d68543cf8ba4b5a0005397c89a873e30edd24c4ceb85c
SHA512: 435bad0f9ac04a1ef5db19b786c4b480a8054ab129e7e019b980d141a96755ccd120f476f8cfa3087b7ab6558567072123f802d568390aa1b96b136da7d07137
SSDEEP: 6144:lUn2IyDxNZXzvEoedIjsTB2kLVsEQL9/YfmLQNBAoU3tXkxJVkYgjMDqM8wpdb:l62Ie5EHd5B2MVsXL9/YfNaXuVzDqxwD
Static task: static1
Behavioral task: behavioral1
  Sample: SIAM-QUOTATION.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: SIAM-QUOTATION.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://79.124.8.8/plesk-site-preview/chongelctricals.com/http/79.124.8.8/adamsn/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: SIAM-QUOTATION.exe
Size: 591KB
MD5: a8b84bcbbb2a7dbc7f1e7f8d6bb4ac7b
SHA1: 82a1c7efa58812bbbbf09ac4138489ae2a208e61
SHA256: 53258d5a784117d739165d30e3897102aebb2496fb781294254dded4de8029ee
SHA512: b2f7e2cc69646ed1f57fe8faf85ff04e6f0c6d2c0997e621255194d6b40c56136004ede78196b50dde0de88ccf654aab98e54decc7950c3cc84cb82a5ae086d1
SSDEEP: 12288:RsUML1/s5tVs5NApy6EUowkbTsTaBy0AgW:KzLimARZsTsamx
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext