General
Target
4b1015a15505f9f64de58bc00dd92570_JaffaCakes118
Size
604KB
Sample
240331-c8swdsch88
MD5
4b1015a15505f9f64de58bc00dd92570
SHA1
ecf2851628dc1b8ebf4ddbf529f687e334124622
SHA256
b65b34a54593add5ada0cc781f370a27c19af92ff0f2621b1539efd90a001cde
SHA512
182d535be9ad242de0d28c9c07415f47d79694cc37a5ff3a11ea4570a158d338094a4d7511d5493a4b0f736aa4fe28ec2c4a1fbde81e45a12284aed92c619949
SSDEEP
12288:pwhvsUi07I6+ilA51YeMreCNUPGbt7cJWD:pMkUieI6+iY1urHKJW
Static task
static1
Behavioral task
behavioral1
Sample
4b1015a15505f9f64de58bc00dd92570_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4b1015a15505f9f64de58bc00dd92570_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
4b1015a15505f9f64de58bc00dd92570_JaffaCakes118
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext