General
-
Target
0206ca0ddad918a6121ac709b3599cea_JaffaCakes118
-
Size
427KB
-
Sample
240328-k9j9mshc3v
-
MD5
0206ca0ddad918a6121ac709b3599cea
-
SHA1
b3368b58520018264475688f66ee1c3406eea411
-
SHA256
3781d189279634e678c92e0d9146beae3c975f8c610e5464cc21a3ba645d00d7
-
SHA512
e488d2f93837e4466a584b6afe869d537f2144fc34ee074c21a8b9a90b778a04c3fb7cf5e76ba3655fde6bbf05e51907eb6376041a7707849df68ab2788d730a
-
SSDEEP
6144:gMlgrNCNMjbVs/cJeV5Gx0Sz21TWFs5Q6xrcyFozSm2S9JNXRO5Y:+YBcJsG3SQdvyuX9DRO5
Static task
static1
Behavioral task
behavioral1
Sample
0206ca0ddad918a6121ac709b3599cea_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=88934
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
0206ca0ddad918a6121ac709b3599cea_JaffaCakes118
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-