General
Target: 41c7a84edea3aed7716f275742a3b11e_JaffaCakes118
Size: 357KB
Sample: 240330-xbvzpscf75
MD5: 41c7a84edea3aed7716f275742a3b11e
SHA1: df58f3c713c79a1b93494209c2dc7616aa5347df
SHA256: 89658fee4b1a9799ebf59268e6cacc696d326cd97afaa5cc0d1592846fc2f5f3
SHA512: b8443b8d5f2d0dd6518c18a4d0c6273c059a4f2de68d06cc1f74cd0846ff557a8ab9bca72cb6742dfb538f6b84cc7177aea2c059b3a630d69472a1533b50475a
SSDEEP: 6144:o6JXjjY4Klrvyo07mZjG7X7YoC7WBwwxc33fpEA/u2c1d6yIU:okYXRv9ZjuX7xC7WBqHB9/u2c1
Static task: static1
Behavioral task: behavioral1
Sample: 41c7a84edea3aed7716f275742a3b11e_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 41c7a84edea3aed7716f275742a3b11e_JaffaCakes118.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
lokibot
http://63.250.40.204/~wpdemo/file.php?search=475803
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 41c7a84edea3aed7716f275742a3b11e_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext