General
Target: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118
Size: 249KB
Sample: 240331-jztvnaha72
MD5: 515f7da0562307df4c9354d5d5486e4f
SHA1: e18acee85cfa4728d7a8103a30b23f6bf2b8b3b8
SHA256: ae30c77472bd494b2116c5ef0fc7bedc11fca5a57c4796e316333d95ef61f437
SHA512: a77b74b1b7364be5812ef0b26f0e208621eb74958c1624ee8a643bb30e1de102eca399b383851bf630bc032bed4402d418f77650ca576b4789a5228b8d1f9963
SSDEEP: 6144:yBlL/DXCB2O/sbRmS8EIOAv9YlEuc7AUsDGun6SG:4hXCB68S3Ixv9Y6sDGmC
Static task: static1
Behavioral task: behavioral1
  Sample: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118.exe
  Resource: win7-20240319-en
Behavioral task: behavioral2
  Sample: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Behavioral task: behavioral3
  Sample: $PLUGINSDIR/zknj.dll
  Resource: win7-20240215-en
Behavioral task: behavioral4
  Sample: $PLUGINSDIR/zknj.dll
  Resource: win10v2004-20231215-en
Malware Config
Extracted: lokibot
- http://63.250.40.204/~wpdemo/file.php?search=loki
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets

Target: 515f7da0562307df4c9354d5d5486e4f_JaffaCakes118
Size: 249KB
Hashes: as listed under General above
Score: 10/10
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target: $PLUGINSDIR/zknj.dll
Size: 31KB
MD5: 9341d7e6ace114d0d860b083a0abe0b6
SHA1: dac2d2f0b2d50b21440fb8afb3de23f83a59374a
SHA256: 6cccaba74963a25e1d95ef66e14ef02cd7b45331d5054a35d3eecf0ae9cfd160
SHA512: dd23f98e305f9e6acf69791604bc306d49290570ca7a8bc982be3d68f3f5f7bbcd57703ba5d5577759f370f0a1070f912e9e0629fa1bbdbc4a02a8a07ea87cd0
SSDEEP: 768:k7dqMMWtGuEedF4Arnc68+iMJsbYQo/urrSEIM:UdqmQeg8HfsbY5yrS6
Score: 3/10