General
-
Target
578be57bf60176b1a6ba94beb599d847_JaffaCakes118
-
Size
355KB
-
Sample
240331-sa3wpsed55
-
MD5
578be57bf60176b1a6ba94beb599d847
-
SHA1
ee8fa7fbc702ecb3e75501db90f997b3baea7fd7
-
SHA256
752a463f53217bf6d840acea3c578404ecf501952e634c72a96d746211799c64
-
SHA512
c973b10a238bdb02499acd43067cb24292413c4c15b1454c3366bd47bf88df0637e59f942333eb09be7936497f64e46ec5919263e43ad38fc37b2f7e5cbfaa75
-
SSDEEP
6144:X/7LfUdUTLyMuQ1cic7C1JMtJYouLkFSLS8BxpQQ1obDyoE3L6yI:X/7LfbTORQt1StJtMkFSuOlWCoE3
Static task
static1
Behavioral task
behavioral1
Sample
578be57bf60176b1a6ba94beb599d847_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
578be57bf60176b1a6ba94beb599d847_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://jinolla.cf/states/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
578be57bf60176b1a6ba94beb599d847_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-