General
-
Target
408d4e2d074aae3cea6ef4b0e5692396_JaffaCakes118
-
Size
514KB
-
Sample
240330-vw9bqabb94
-
MD5
408d4e2d074aae3cea6ef4b0e5692396
-
SHA1
e90832ba56d3b3098254e8b63bee9818d9b4dfc4
-
SHA256
cf0aeb6b5855b1a72e19c50f9d662e765435c2d701b0ea88bb9c4bfe168f1a94
-
SHA512
8ad90f4cf36c4bf0f4f6515f7f12e7385b7addcf70708880064b82be52aab263fd8976ffa182d37dc0c93ec320301820208f3d46fe4cc9811241257774d73324
-
SSDEEP
6144:QIIOc8oTJ5H6MFohvg6ZGOSyO1kc8mwe+23cKG1VEl+I0FEuiQYcsYxPrEPoN7WI:tIOc8oT70hvSlv10/zEZQzvxjNi8E70
Static task
static1
Behavioral task
behavioral1
Sample
408d4e2d074aae3cea6ef4b0e5692396_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
408d4e2d074aae3cea6ef4b0e5692396_JaffaCakes118.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=423
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
408d4e2d074aae3cea6ef4b0e5692396_JaffaCakes118
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-