General
Target: 4094783d73488eee71a0912549b02816_JaffaCakes118
Size: 246KB
Sample: 240330-vyevwsbc36
MD5: 4094783d73488eee71a0912549b02816
SHA1: 921b359314c2bfa02d5a13ed38df6c30c54b4554
SHA256: ae529dd95d3d7b5667cc3b2df9fb2e28e94bbd40a80c2b7c150a0d3511e4e7b9
SHA512: 145c08efe38b0da79e980291e2d5e116e201deefb35dab150f032015054e32888407b679a1cbd8c03ce9b72ad58f35083ff0317a33a8197de135705add9d0c71
SSDEEP: 6144:wBlL/cHVuoIyeVybm87pAjP2/Lrv3wj7pcpKqZ9:CeHTPdAjP+v3w/UKa
Static task: static1
Behavioral task: behavioral1
  Sample: 4094783d73488eee71a0912549b02816_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4094783d73488eee71a0912549b02816_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/yqbylrwo.dll
  Resource: win7-20240221-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/yqbylrwo.dll
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 4094783d73488eee71a0912549b02816_JaffaCakes118
Size: 246KB
MD5: 4094783d73488eee71a0912549b02816
SHA1: 921b359314c2bfa02d5a13ed38df6c30c54b4554
SHA256: ae529dd95d3d7b5667cc3b2df9fb2e28e94bbd40a80c2b7c150a0d3511e4e7b9
SHA512: 145c08efe38b0da79e980291e2d5e116e201deefb35dab150f032015054e32888407b679a1cbd8c03ce9b72ad58f35083ff0317a33a8197de135705add9d0c71
SSDEEP: 6144:wBlL/cHVuoIyeVybm87pAjP2/Lrv3wj7pcpKqZ9:CeHTPdAjP+v3w/UKa
Score: 10/10
Signatures:
  Loads dropped DLL
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext
Target: $PLUGINSDIR/yqbylrwo.dll
Size: 42KB
MD5: e0bd3fde206f2149f8a4a3e2751a20c3
SHA1: 1bd4a26d69ce5a2f962e7d8d690704242844186a
SHA256: 0feaffcf57c73f9afc69bdecdb9818def452175101c633a1b39d39018654040c
SHA512: 1b48520702f6c2c95355799a23ed25a2541a715d9a45745b48c1755f3a578bca121503fc96626e7e46b69e54da8a5c75bec41d73dca2d9cbbfd1091fffb3cb75
SSDEEP: 768:M8Cn/mA3b7129MW92XqjjHXwEZblF4yM4BWA78Rszu:M8CnuAr7kYXbr4EApa
Score: 10/10
Signatures:
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext