General
Target: 4f9a6937b1bb97f14cf0bac59fbde3a8_JaffaCakes118
Size: 244KB
Sample: 240331-g7rn6afb7y
MD5: 4f9a6937b1bb97f14cf0bac59fbde3a8
SHA1: e9be17e15e74634171c44fa84c28d256747de3fd
SHA256: 1d55c9d6edbd2a75e3202646ddd3649e3249ba8b43ff051299859a5edd258cf6
SHA512: 9776b111c1982e82e38fa7743839e06736a6fe77296c4f0e6515a4526f046ff0b201f4b77a6765fccd0f4d721d9db1455a57d86d3f42895fd6a17184bca9e0b0
SSDEEP: 6144:wBlL/c6XIho4w4nHSKyJ+BlY5QM2bJ7kLYzKztkBB/k6z49:CeOD4w4HHY+BlcVWJ7kLvzAB/jC
Static task: static1

Behavioral task: behavioral1
Sample: 4f9a6937b1bb97f14cf0bac59fbde3a8_JaffaCakes118.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 4f9a6937b1bb97f14cf0bac59fbde3a8_JaffaCakes118.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $PLUGINSDIR/phzgia.dll
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: $PLUGINSDIR/phzgia.dll
Resource: win10v2004-20240226-en
Malware Config
Extracted family: lokibot
Extracted URLs:
- http://63.250.40.204/~wpdemo/file.php?search=745675
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets

Target: 4f9a6937b1bb97f14cf0bac59fbde3a8_JaffaCakes118
Size: 244KB
MD5: 4f9a6937b1bb97f14cf0bac59fbde3a8
SHA1: e9be17e15e74634171c44fa84c28d256747de3fd
SHA256: 1d55c9d6edbd2a75e3202646ddd3649e3249ba8b43ff051299859a5edd258cf6
SHA512: 9776b111c1982e82e38fa7743839e06736a6fe77296c4f0e6515a4526f046ff0b201f4b77a6765fccd0f4d721d9db1455a57d86d3f42895fd6a17184bca9e0b0
SSDEEP: 6144:wBlL/c6XIho4w4nHSKyJ+BlY5QM2bJ7kLYzKztkBB/k6z49:CeOD4w4HHY+BlcVWJ7kLvzAB/jC
Score: 10/10
Signatures:
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/phzgia.dll
Size: 42KB
MD5: fadd6e52f774915df3d8ad879bd957d9
SHA1: 89b91131d77380a6514d1aa609ff3f5187153133
SHA256: 88430ee3f7acaae7ce13b9d5df10a8851df927767f3f660f13fdc9ca4edf106f
SHA512: 25f05f83a789556dd42a4f609c357aa8c40663673ea2a5beee02f88564c3c142b747481e714daaf578361d8940d93bc08ae6bd6a1c1582b285e1a4cd94566054
SSDEEP: 768:IYjfeAOj7jaorohxhtyqFF66UaXS2yn1+AOjylWJ:IYjmAu7GDh6Z1+AOjyC
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext