General
Target: 095eb46a48c5dfe26b91e1915bd4d6c8_JaffaCakes118
Size: 466KB
Sample: 240328-s2c5cshg7y
MD5: 095eb46a48c5dfe26b91e1915bd4d6c8
SHA1: 835a00e3961670b2274a101bad81b519bd0af3d2
SHA256: 05679e77d92c8be217fb1e34cfaa8dc0254a98c9cd35ce0b0bbab31426daff1f
SHA512: c7828b3e5368d09d3e684b2c0bf6414b8bce89ebf31c2fbc654011e2dbd58e4cc3277cbad1d7321fc36c6ba611c8f66d547b7090f47b4bfe23944ce7f61a7d61
SSDEEP: 12288:PMndbtDJK07nCjF2CaOqTq2BATZO/Bwm4LhiSB:PSdhDJ5zCjHaNW2BATZu6m41B
Static task: static1
Behavioral task: behavioral1
Sample: 095eb46a48c5dfe26b91e1915bd4d6c8_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 095eb46a48c5dfe26b91e1915bd4d6c8_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/ga11/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 095eb46a48c5dfe26b91e1915bd4d6c8_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext