General
Target: 4cf0b6ea4f05aff01254e851a0fc8a24_JaffaCakes118
Size: 456KB
Sample: 240331-ex7lhsec42
MD5: 4cf0b6ea4f05aff01254e851a0fc8a24
SHA1: 9bbd12251e5e2f03b78637282818f4c3e86f8fce
SHA256: 6276ef565aebf223533b10f56f770550ff8bffdfba2799d4e9c379000d6fe44d
SHA512: c8fcd60c174b56abdf7f1caec59116414f9113216412dceaf3b63796f714bb23519c53d519837fcde67a284b570d3e1af19d1fcaa5221c0c64ff5d7cf4b6ba56
SSDEEP: 12288:MMASBfG1Ikii7u9CAJBu9BgXAuIkcoswa5A0:M6Bf2ni0AJ4/gLILZwa+0
Static task: static1
Behavioral task: behavioral1
Sample: 4cf0b6ea4f05aff01254e851a0fc8a24_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 4cf0b6ea4f05aff01254e851a0fc8a24_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=491
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 4cf0b6ea4f05aff01254e851a0fc8a24_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext