General
-
Target
4cecd51e58a6005d68a799c925091f4c_JaffaCakes118
-
Size
386KB
-
Sample
240331-exm7wadf6x
-
MD5
4cecd51e58a6005d68a799c925091f4c
-
SHA1
1794fc32a83497e5de3c0fb7ee93c1384d534400
-
SHA256
5a00c69b3acbacaa3837bdd2f30ac534eb872da62d8a325007277793e1fbaeee
-
SHA512
f6d81377930d646ae5e15113068d48f4dddecceb601b3de0ac48fcfdfe46a222cb0f8a730a900d80f1f9d1d7aa3fd9c2571b416f8e8cce712be08e183dd6429f
-
SSDEEP
6144:DWEKlq0ZYTXxYvt8JWJsdxHprci5MkhBT6YB:DWEKY0ZYTUJsd7mSBTD
Static task
static1
Behavioral task
behavioral1
Sample
4cecd51e58a6005d68a799c925091f4c_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4cecd51e58a6005d68a799c925091f4c_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://frinqy.gq/apps/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
4cecd51e58a6005d68a799c925091f4c_JaffaCakes118
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-