General
Target
5057cc691005a448954a59faf019c6a4_JaffaCakes118
Size
523KB
Sample
240331-h3wb8agd79
MD5
5057cc691005a448954a59faf019c6a4
SHA1
15547242c0a6e054e3b2a7f47edbe8c0ad062f69
SHA256
bb727e3ccf2cad49fa431905c08dd6c9f52e880a8d290b8f0c4842f1ac50ce1e
SHA512
b8cffe0c2b74f18b3d31065f9e4462160c20974b82b9841401f6d489797d1e60556db7915ce0727a6b0d9e2b62848804979ca2a54a667edc71d3014677434477
SSDEEP
12288:CxoPkgSBJKtOMtCP2YQMasabaHNbETPIxK2:KoPGBk2wjsaCEIw2
Static task
static1
Behavioral task
behavioral1
Sample
5057cc691005a448954a59faf019c6a4_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
5057cc691005a448954a59faf019c6a4_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://frinqy.gq/apps/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
5057cc691005a448954a59faf019c6a4_JaffaCakes118
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext