General
Target
559db8de6e321a3af47772f5d349514a_JaffaCakes118
Size
506KB
Sample
240331-qpj12ada46
MD5
559db8de6e321a3af47772f5d349514a
SHA1
c66245883499ece42302e19f0f655d44c8edc60d
SHA256
c1d2c68c54f57ca6bbb2ecc96f25ec3c0808c3e0194c31e6cafea5900ccbc762
SHA512
11ff5592ae7aa4249e74accad13d3ecedf805e82aec47296f0bd68802c9ab97731b9253ab178a05177467cd3d656440edd027c82efa4e08669c912e2a2e71a20
SSDEEP
6144:idMoo2/R7ITcrNxVQg+jS8g5NddJog/DEIszUxZk2tGYo8nMkhB:idvPkTcrfVQeddJJwDzyZkmrMSB
Static task
static1
Behavioral task
behavioral1
Sample
559db8de6e321a3af47772f5d349514a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
559db8de6e321a3af47772f5d349514a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=506
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
559db8de6e321a3af47772f5d349514a_JaffaCakes118
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext