General
Target: 53754b445a0f70892e6c0de3653735dc_JaffaCakes118
Size: 1.1MB
Sample: 240331-lw7y8aad59
MD5: 53754b445a0f70892e6c0de3653735dc
SHA1: 91c777eab3f1ef141b0eb3a6d162b903e2d6d7df
SHA256: 736c1a6260210e721fbfc85800db502d17f2b495ab2d0bf856d19034ef176e16
SHA512: b3bc11c9b22eec3c0620f0996c6976db964b4280da5ecf91dddf08833ba2760283d9218d484cf74d000476c17627a1018ba72333fdef2eaa9ede29b552552bff
SSDEEP: 24576:qjMUC9dS/9jJ50uK0smFMSslMo+qN9ceiW0RPkyZ8iu:qRC9s/JJ7lsmFxslf+miNRPRU
Static task: static1
Behavioral task: behavioral1
Sample: 53754b445a0f70892e6c0de3653735dc_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
lokibot
http://smartcamainpowerizman.sytes.net/ioknfbgj/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 53754b445a0f70892e6c0de3653735dc_JaffaCakes118
Detect ZGRat V1
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext