General
- Target: 8480b7a266e9b9659e29c8178269e822_JaffaCakes118
- Size: 554KB
- Sample: 241101-sza7zssepq
- MD5: 8480b7a266e9b9659e29c8178269e822
- SHA1: fdb45931681ec25c149816e0ab92e9482e20f119
- SHA256: 78f342372865460fa2db1124046e6eb93b89a0a24dda0c28946a36569af5f1c9
- SHA512: 29b4f5b959c96ba49c20e472cd0e502ff58c1e9af4ed2641e2c6ac951c2c711d036142c9ca12a4014935d257df028dbe6c8c2e61505ac1086cb1d584b9f49fdd
- SSDEEP: 12288:3yN5yf5GnDmkiqUTJvWlmo5YFdCdAm3iUobxLSXjL3sJQRhaqNG:3yNhDmFJgB2F0r1jbsUaYG
Static task: static1
Behavioral task: behavioral1
Sample: Bank Details.pdf___________________________________.exe
Resource: win7-20241010-en
Malware Config
Extracted
lokibot
http://aboasu.xyz/dx/kk/koo.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- Target: Bank Details.pdf___________________________________.bat
- Size: 1021KB
- MD5: 165abfb0c60c6917d29d2d83be640103
- SHA1: 41b85e2688a0bda0146dc598539942a7e1452c26
- SHA256: ac8ab6d26de41ba63cd9fab6732dc4e08a5ce16d6ba9b747a585c56ee02ade40
- SHA512: 46190586f74aef3d69a38566c86e3efcd42a74123fcf4492be7694e9ae78bbba2bd9ec644fc709be997c7845465cdcaa98302776eeada7e208d09e20448818de
- SSDEEP: 12288:yad88kz3J4cuHanxExelM8EIoSOkRo69rbKw5C//F+nCTgwf++dpwVNw7:yaG3ucqUMfku69rbKJCCEw
- Lokibot family
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext