General
-
Target
e2bdb14a06a159e0bff5e8c38c138093_JaffaCakes118
-
Size
594KB
-
Sample
240406-rsk8yach75
-
MD5
e2bdb14a06a159e0bff5e8c38c138093
-
SHA1
698c24f4a8ddc574a2f7d67508c9e19c2ede5d4b
-
SHA256
b4d606664475463ef5538277959a0c5f679bb47ef9dd1e00d25d5999d129c09b
-
SHA512
3010b88090bd75451479d00e13a1a89476f36e5fd1a8433ec6c47fd2d7c20be06fcec957300f99806a33d223f2cd9312757f42af5a34234fe4badc02de8de7b1
-
SSDEEP
12288:8s3rANw4h9mzDYtP3ZMfrCYaPDueN+tmmzn5rGM:8s7ARh4zSP3I/mmzn5
Static task
static1
Behavioral task
behavioral1
Sample
e2bdb14a06a159e0bff5e8c38c138093_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e2bdb14a06a159e0bff5e8c38c138093_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://manvim.co/fd2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e2bdb14a06a159e0bff5e8c38c138093_JaffaCakes118
-
Size
594KB
-
MD5
e2bdb14a06a159e0bff5e8c38c138093
-
SHA1
698c24f4a8ddc574a2f7d67508c9e19c2ede5d4b
-
SHA256
b4d606664475463ef5538277959a0c5f679bb47ef9dd1e00d25d5999d129c09b
-
SHA512
3010b88090bd75451479d00e13a1a89476f36e5fd1a8433ec6c47fd2d7c20be06fcec957300f99806a33d223f2cd9312757f42af5a34234fe4badc02de8de7b1
-
SSDEEP
12288:8s3rANw4h9mzDYtP3ZMfrCYaPDueN+tmmzn5rGM:8s7ARh4zSP3I/mmzn5
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-