General
-
Target
438c7099d2a7a5711c7f04e1fd1ae1c1_JaffaCakes118
-
Size
324KB
-
Sample
240330-y9pq1sdh5w
-
MD5
438c7099d2a7a5711c7f04e1fd1ae1c1
-
SHA1
5ca34ec712b5cc95a97701beb7e12d2035eab09c
-
SHA256
daad8d72469b40a070a2392c8961a11501b1d1bc64075931c4a15ac04c44c07d
-
SHA512
d15616adad2cb247b4f3e17f28b0f89c4d765842db3b1fac8b45963ab352a8fd0aad0e213fb2a7519c2f2dad95e6bfba0fac4e7efa6af8058be51a86f526c5c5
-
SSDEEP
6144:W34Ca/GvYdGoIbyDo85ThHxlesuGp2DGHN+7TyoHyhMB941Lwx:WX+GwdGoI+s81tTuext+vyofB9WE
Static task
static1
Behavioral task
behavioral1
Sample
438c7099d2a7a5711c7f04e1fd1ae1c1_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
438c7099d2a7a5711c7f04e1fd1ae1c1_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/fd7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
438c7099d2a7a5711c7f04e1fd1ae1c1_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-