General
-
Target
bde947cf1cc2222555adf5663d22dbd9_JaffaCakes118
-
Size
318KB
-
Sample
240824-fbet2svhjk
-
MD5
bde947cf1cc2222555adf5663d22dbd9
-
SHA1
62e4e165a06a0836a87f95edac374f0890a7a238
-
SHA256
2da3b290d194ac229997800af1e300ceb8a1ed7954fdddfe7d1c9f97438adf88
-
SHA512
25db2382d6ebf34b8bd8ac91750ad0c57f63518d8d153b3c1f95d9ddcc1f1d992be5d2293069c1af98cef90edc489ec4bc6ba38b962307a85bab6c50cd4c7523
-
SSDEEP
6144:OBfWI0FDHuZYGA0DrfbwhuxdPpRdlJWrG9K30efvpMO+vzM8:4fV0FjuZRA4rbwoRUrGI30gpBIzP
Static task
static1
Behavioral task
behavioral1
Sample
IMG-2021-17-02557000015.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
IMG-2021-17-02557000015.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
https://www.ritcophysiotherapy.com.au/wap121/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
IMG-2021-17-02557000015.exe
-
Size
427KB
-
MD5
8ad87cebd9aaadd8a385fa504863e532
-
SHA1
68e8214ff89b2c93f147bdc797889b25b85a2ee5
-
SHA256
ef44e807ff152bb2c5f6ed11f573087872f0fdf1baaa0e31b7767c5723e503e7
-
SHA512
53c88bce7495219b6b35bfaba1756ed04ba8ac9a05ededcd7752a4656369cf492d111b4b823c93e57ed41379eeb71e027446990e600216ba23ed427946201037
-
SSDEEP
6144:IBb6rFigZaGASvJfbwhmxdPpndlNWrG9mx3Xf1pM4+h+0LX:IBGYgZTA+9bwUnwrGYrpZGL
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-