General
-
Target
56361867eab35a39d81884e1578f50e2_JaffaCakes118
-
Size
513KB
-
Sample
240331-q69m1sch3y
-
MD5
56361867eab35a39d81884e1578f50e2
-
SHA1
c63b17d02d2e01af3c2493b8a722fc4a9fedfd12
-
SHA256
06f79ffcfd99529684e39c3cf6b07219f9ddd6b76952af83bc96adc7aecf442b
-
SHA512
47f771bd377d4ded9ec7d3fff94b49b1b2faf6f8d0be4b2f417e39f48233b39c7feee3a7ee5d0dfa63537933c0724b884cbea63b34ba267c16c6647694cd31ba
-
SSDEEP
12288:QIe0M4jN5hvAS6/Fk0szMxmgzerLeeqLsRkSPTFucz0:hvUkYmgqryaySP
Static task
static1
Behavioral task
behavioral1
Sample
56361867eab35a39d81884e1578f50e2_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
56361867eab35a39d81884e1578f50e2_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/fd3/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
56361867eab35a39d81884e1578f50e2_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-