General
- Target: 0a7aed545d82f26a87de1cca47796231_JaffaCakes118
- Size: 244KB
- Sample: 240328-tyfxhsbe58
- MD5: 0a7aed545d82f26a87de1cca47796231
- SHA1: ae96f05b50c0fa4e92010c60091f09767aa9cf91
- SHA256: ae394cbd22d622c2b70db9e5dac86cd3806f4bd77e58d87cf3d66889d863b839
- SHA512: 25c67f08bfe084b43ca6b41c591cea578d6c89da4461987c00604d72e6bd715eda4b2b286c4fe678d96724b453879d5e4d600f88298f27e8ec2e1ced570f91f0
- SSDEEP: 6144:wBlL/cejlrttsrf2gR8cK+c363Znl3y19KZ6D:Ceejl4rugec373yPD
Static task
- static1

Behavioral tasks
- behavioral1: sample 0a7aed545d82f26a87de1cca47796231_JaffaCakes118.exe, resource win7-20240221-en
- behavioral2: sample 0a7aed545d82f26a87de1cca47796231_JaffaCakes118.exe, resource win10v2004-20240226-en
- behavioral3: sample $PLUGINSDIR/ilydrm.dll, resource win7-20240215-en
- behavioral4: sample $PLUGINSDIR/ilydrm.dll, resource win10v2004-20240226-en
Malware Config
- Extracted family: lokibot
- C2 URLs:
  - http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets

Target: 0a7aed545d82f26a87de1cca47796231_JaffaCakes118
- Size: 244KB
- Hashes: same as listed in the General section above (MD5 0a7aed545d82f26a87de1cca47796231)
- Score: 10/10
- Signatures:
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext

Target: $PLUGINSDIR/ilydrm.dll
- Size: 42KB
- MD5: 0a1ddcb22e0e985306480ac4aa415494
- SHA1: fb7e0634cf441c2fbe7243ed6375b4b3842b9044
- SHA256: 90fdd61c4c83d9c35fcdffccc2953a0fe7ab3956a16d81072546d7d3301ba622
- SHA512: 433d58dee50d5f56fd787b6a1fb0d595b3d1f40e95c243336220d062abb15e2f653ea37f23cc2702fbc2d27a6df3ce68d2578aa1ff64df1a6eb18b39bf5e7592
- SSDEEP: 768:+7Y7+jTu71Hpg/DUBCU5h4plz3QFywFgy7y6AfYSWHX9bz:+7Yij67p5BGqFgYLApWHB
- Score: 10/10
- Signatures:
  - Accesses Microsoft Outlook profiles
  - Suspicious use of SetThreadContext