General
Target: 534baf1e3052e01385f1a77c374d8249_JaffaCakes118
Size: 324KB
Sample: 240331-lrc82sac68
MD5: 534baf1e3052e01385f1a77c374d8249
SHA1: 06770bfc9ff1f15af83ffcf324c3034b1f52c294
SHA256: 813db55dac40b8997991910f6b37e14d79ffb6295c6811e762ec6f3db6a65fa2
SHA512: d7ec8ac5327b9524c1a2a116d962006f7231fb306988ee788317efd5a83965322192e44c8a209fb6bf1d07ceb0ff2eaf545e0dd41d898838417d4e8b46b55714
SSDEEP: 6144:W34Ca/GvYdGoIbyDo85ThHxlesuGp2DGHN+7TyoHyhMB941LwxR:WX+GwdGoI+s81tTuext+vyofB9WEX
Static task: static1
Behavioral task: behavioral1
Sample: 534baf1e3052e01385f1a77c374d8249_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 534baf1e3052e01385f1a77c374d8249_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/fd7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
534baf1e3052e01385f1a77c374d8249_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext