General

Target: 1378bd2ce25200fe533c9b8260af8525_JaffaCakes118
Size: 243KB
Sample: 240329-af7sqsch68
MD5: 1378bd2ce25200fe533c9b8260af8525
SHA1: 6c77a4cb56aa3a32d31e6b03abf8ef483a58b430
SHA256: e7ed6e5c4717d05c2747e1a54b305de79e47be09e8c29c5b641ac4e5cc73acc3
SHA512: 260a7ddc7d567eaa2e613185764da35cc617cc81f583e6c5227ffaba65591fa0804155b588c0e58d8a2b2a8136e5a95703d7648da9fc40553b321dcd55358c68
SSDEEP: 6144:wBlL/cof5JCBqNjqbVGnw4Jgc+4t7a+YsB5:Ce6OAYGnw4Jggda+V
Static task: static1

Behavioral task: behavioral1
Sample: 1378bd2ce25200fe533c9b8260af8525_JaffaCakes118.exe
Resource: win7-20240319-en

Behavioral task: behavioral2
Sample: 1378bd2ce25200fe533c9b8260af8525_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/wkttpwwrnpc.dll
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/wkttpwwrnpc.dll
Resource: win10v2004-20240226-en
Malware Config

Extracted family: lokibot
C2 URLs (from the extracted configuration):
- http://136.243.159.53/~element/page.php?id=488
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
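The extracted C2 list is the part of this report a responder acts on first. The following Python is an added example, not output of the sandbox and not part of the report: it turns the five URLs above into domain, IP and URL-path indicators and runs them over a handful of constructed proxy/DNS log lines in a generic "timestamp client verb url/query status" layout that is an assumption of this example, not a format the page describes. Domains are matched exactly or as parent domains (so a lookup for www.alphastand.win still fires), and the panel path is reported as its own weaker indicator because four of the five URLs share /alien/fre.php while a path alone can collide with unrelated hosts.

```python
"""Network IOC matching for the LokiBot C2 URLs extracted from this sample."""
import ipaddress
import re
from urllib.parse import urlsplit

# The C2 URLs exactly as listed in the extracted config above.
LOKIBOT_C2_URLS = [
    "http://136.243.159.53/~element/page.php?id=488",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Full URLs in a log line, and bare hostname/IP tokens (anything with a dot)
# so DNS-style lines without a scheme are covered as well.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TOKEN_RE = re.compile(r"[A-Za-z0-9.-]+\.[A-Za-z0-9-]+")


def build_iocs(urls):
    """Split C2 URLs into domain, IP and URL-path indicator sets."""
    domains, ips, paths = set(), set(), set()
    for url in urls:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        try:
            ipaddress.ip_address(host)
            ips.add(host)
        except ValueError:
            domains.add(host)
        paths.add(parts.path)
    return {"domains": domains, "ips": ips, "paths": paths}


def host_matches(host, iocs):
    """True for an exact IP/domain hit or a subdomain of a C2 domain."""
    host = host.lower().rstrip(".")
    if host in iocs["ips"] or host in iocs["domains"]:
        return True
    return any(host.endswith("." + d) for d in iocs["domains"])


def match_line(line, iocs):
    """Return (indicator_type, value) hits found in one log line."""
    hits, seen_hosts = [], set()
    for url in URL_RE.findall(line):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host_matches(host, iocs):
            hits.append(("c2_host", host))
            seen_hosts.add(host)
        # Path is reported independently: a weaker pivot, useful when the
        # operator has moved the panel to a host not yet in the config.
        if parts.path in iocs["paths"]:
            hits.append(("c2_path", parts.path))
    for token in TOKEN_RE.findall(line):
        token = token.lower().rstrip(".")
        if token not in seen_hosts and host_matches(token, iocs):
            hits.append(("c2_host", token))
            seen_hosts.add(token)
    return hits


# Constructed sample log lines (not from the report) in an assumed
# "timestamp client verb url_or_query status" layout.
SAMPLE_LOG_LINES = [
    "2024-03-29T10:01:02Z 10.0.0.15 POST http://alphastand.top/alien/fre.php 404",
    "2024-03-29T10:01:05Z 10.0.0.15 POST http://136.243.159.53/~element/page.php?id=488 200",
    "2024-03-29T10:01:09Z 10.0.0.15 dns-query www.alphastand.win A",
    "2024-03-29T10:02:00Z 10.0.0.22 GET http://example.com/alien/fre.php 200",
    "2024-03-29T10:03:00Z 10.0.0.22 dns-query updates.example.com A",
]


def scan(lines, iocs=None):
    """Return [(line_number, hits)] for every line with at least one hit."""
    iocs = iocs or build_iocs(LOKIBOT_C2_URLS)
    results = []
    for number, line in enumerate(lines, 1):
        hits = match_line(line, iocs)
        if hits:
            results.append((number, hits))
    return results


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG_LINES):
        print(f"line {number}: {hits}")
```

On the constructed lines, the first two fire on both host and path, the DNS lookup for www.alphastand.win fires on the parent-domain rule, and the example.com request fires only as c2_path, which is the right severity: worth a look, not an automatic incident.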
Targets

Target: 1378bd2ce25200fe533c9b8260af8525_JaffaCakes118
Size: 243KB
MD5: 1378bd2ce25200fe533c9b8260af8525
SHA1: 6c77a4cb56aa3a32d31e6b03abf8ef483a58b430
SHA256: e7ed6e5c4717d05c2747e1a54b305de79e47be09e8c29c5b641ac4e5cc73acc3
SHA512: 260a7ddc7d567eaa2e613185764da35cc617cc81f583e6c5227ffaba65591fa0804155b588c0e58d8a2b2a8136e5a95703d7648da9fc40553b321dcd55358c68
SSDEEP: 6144:wBlL/cof5JCBqNjqbVGnw4Jgc+4t7a+YsB5:Ce6OAYGnw4Jggda+V
Score: 10/10
Signatures:
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Note: $PLUGINSDIR is the NSIS installer plugin directory, so the main sample is an NSIS-packaged installer whose plugin DLL is analysed separately as the second target below. SetThreadContext on a freshly created process is the usual final step of process hollowing, consistent with the injection LokiBot is known to use, and reading Outlook profiles is its harvesting of stored mail credentials; together with the extracted C2 list these account for the 10/10 score.

Target: $PLUGINSDIR/wkttpwwrnpc.dll
Size: 34KB
MD5: ac0287a13001161f8f6979d9b178875c
SHA1: bfa60649e02a0722eece1a0cfb65b125f82e8dcc
SHA256: cca26baaa5fda68034cf93a1075ab828f249f8daab0a58b96f7ab3f0ef7f6e0a
SHA512: 7c5f3cd1327e0ceac864313bb3a66cec63cca6a639dbe545768167c006f12ca9cd88f8d79c29f75a2111b0b0ea10581c15a8fbade7db4b3dcdd684deee41487a
SSDEEP: 384:wo23nf109G/+xNDWvliIctCCcKNHWIwIqiavtIoUBe+8vtDxzdLCeWU92RS+Uvxr:f2W6rC6vtFce+EtDDuavp/yuG/
Score: 3/10