General

Target: 117ac974bd16d21864eef01b22879284_JaffaCakes118
Size: 244KB
Sample: 240328-15cxrsaf52
MD5: 117ac974bd16d21864eef01b22879284
SHA1: 116ef7167f80908f9efbeef01a8e5b54ae818fdb
SHA256: 9e35ad79445831eb81e9fb5db0d30ef4ccd09344c6360014b7dd360029f80946
SHA512: 54b29bbc50bbe333e4283c66d5eb193b1b4e06e317bc1c061fd125ac320c5df506d2ef91f4fd55ff344fc20bdd87ee61eaf81a47adeb949bd8fff63b1fb88a28
SSDEEP: 6144:wBlL/cCLFRgqyyZB2/wSmAeAuf6HW04FlMB8s8f:CeCLFRgEZBCiH/fP7FlMBQf
Static task: static1

Behavioral task: behavioral1
Sample: 117ac974bd16d21864eef01b22879284_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 117ac974bd16d21864eef01b22879284_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/wcwgqz.dll
Resource: win7-20240220-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/wcwgqz.dll
Resource: win10v2004-20240226-en
Malware Config

Extracted: lokibot
http://63.250.40.204/~wpdemo/file.php?search=745675
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
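The five URLs above are what the sandbox recovered from the sample's Lokibot configuration. As an added example (not part of this report and not code from the sandbox), the Python below turns them into host-plus-path indicators and runs them over a few constructed proxy log lines; the log format, client addresses and timestamps are assumptions for illustration only. Matching on host and path rather than the full URL is deliberate: the query string on the first URL is dropped so that one changed parameter does not defeat the match, while the host is still required because the same /alien/fre.php path appears on four of the five extracted hosts and a path-only rule would fire on any unrelated server serving that path.

```python
"""IOC matcher built from the Lokibot C2 URLs extracted in the report above.

Added example, not part of the sandbox report. Indicators are (host, path)
pairs; query strings are ignored, host comparison is case-insensitive.
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted on the page.
LOKIBOT_C2_URLS = [
    "http://63.250.40.204/~wpdemo/file.php?search=745675",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def build_indicators(urls):
    """Map each host (lowercased) to the set of paths seen for it.

    The query string is discarded on purpose: a beacon that changes a single
    parameter would otherwise slip past a full-URL comparison.
    """
    indicators = {}
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        indicators.setdefault(host, set()).add(parts.path)
    return indicators


# Constructed proxy log lines (assumed format: "<ts> <client> <method> <url> <status>").
# These are illustrative, not taken from the report.
SAMPLE_PROXY_LOG = """\
2024-03-28T15:01:02Z 10.0.0.7 POST http://kbfvzoboss.bid/alien/fre.php 200
2024-03-28T15:01:05Z 10.0.0.7 GET http://63.250.40.204/~wpdemo/file.php?search=999 200
2024-03-28T15:02:11Z 10.0.0.9 GET http://example.com/alien/fre.php 404
2024-03-28T15:03:40Z 10.0.0.7 POST http://ALPHASTAND.TOP/alien/fre.php 200
2024-03-28T15:04:00Z 10.0.0.12 GET http://alphastand.win/index.html 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_log(log_text, indicators):
    """Return (timestamp, client, host, path) for every line hitting an indicator.

    Lines that do not fit the assumed format are skipped rather than raising,
    so one malformed record cannot abort a sweep over a large log.
    """
    matches = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, client, _method, url, _status = m.groups()
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Both host and path must match; path alone would over-match /alien/fre.php.
        if host in indicators and parts.path in indicators[host]:
            matches.append((ts, client, host, parts.path))
    return matches


def infected_hosts(matches):
    """Sorted, de-duplicated list of internal clients that contacted a C2."""
    return sorted({client for _ts, client, _host, _path in matches})


if __name__ == "__main__":
    ind = build_indicators(LOKIBOT_C2_URLS)
    hits = match_log(SAMPLE_PROXY_LOG, ind)
    for hit in hits:
        print("C2 contact:", *hit)
    print("clients to isolate:", infected_hosts(hits))
```

On the constructed log the matcher flags the kbfvzoboss.bid beacon, the 63.250.40.204 request even though its search= value differs from the extracted one, and the upper-cased ALPHASTAND.TOP request; it ignores /alien/fre.php on example.com and a non-C2 path on alphastand.win.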
Targets

Target: 117ac974bd16d21864eef01b22879284_JaffaCakes118
Size: 244KB
MD5: 117ac974bd16d21864eef01b22879284
SHA1: 116ef7167f80908f9efbeef01a8e5b54ae818fdb
SHA256: 9e35ad79445831eb81e9fb5db0d30ef4ccd09344c6360014b7dd360029f80946
SHA512: 54b29bbc50bbe333e4283c66d5eb193b1b4e06e317bc1c061fd125ac320c5df506d2ef91f4fd55ff344fc20bdd87ee61eaf81a47adeb949bd8fff63b1fb88a28
SSDEEP: 6144:wBlL/cCLFRgqyyZB2/wSmAeAuf6HW04FlMB8s8f:CeCLFRgEZBCiH/fP7FlMBQf
Score: 10/10
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/wcwgqz.dll
Size: 31KB
MD5: 80d99f635e51ae330208f46c57dc2e43
SHA1: 2978859ef3bc608f6887b54c0b2bd3320eb10d36
SHA256: 0bab94e43836296b8f55c1f4ca681674f269dcc448b5030118e334429b6565ef
SHA512: aafe5a434f1e52261c238f8973f936f5a2e0883d553775344b1ac12be3a304a188dca5d9620331429c0e473017d91cd34301b9278ebe9c9d3186c835ca2c656a
SSDEEP: 768:jUfwwBuuI1BceTrkacQTYQoBsjQtBGM2+YNsm:jUf/Bub1BAJEYsj9MsN
Score: 3/10