General
Target: e60c1bc83635a8480e1970205944b7a8_JaffaCakes118
Size: 760KB
Sample: 240407-2wc2vahb76
MD5: e60c1bc83635a8480e1970205944b7a8
SHA1: 583890ea81b7180acc4caf95de8b71371e04885d
SHA256: 917af44057dfe75238e0c9ad9c131610f29c0ac1641c631c5b01bb6ae5dfe46e
SHA512: 5451c30aa46ef870e4e4cc1d1718d00556ad050d63c8b6dd5377745d80a8b2913c7e12ec803a8d548ef42a07270fa49acaa0c4c8725490a0b6bc28f304af4789
SSDEEP: 12288:McaQxt8/QxC4CnDbgDPwFVt2NjFktvUvyYc7MBaxUO7gksCTY2nh3b3HbhQyUl6D:LxHCDb0wFVMNjrvyYc/3qCksh3b16Q
Static task: static1
Behavioral task: behavioral1
Sample: e60c1bc83635a8480e1970205944b7a8_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted family: lokibot
C2 URLs:
- http://185.227.139.18/dsaicosaicasdi.php/S7zr5v1fXI3Rb
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
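As an added example (not part of this sandbox report), the Python below turns the five extracted C2 URLs into proxy-log indicators and runs them over constructed Squid-format access log lines. It grades each hit as an exact URL from the config, a known C2 host with a different resource, or an unknown host reusing the `/alien/fre.php` path. The path-only rule goes beyond the listed URLs: it is a heuristic drawn from four of the five sharing that path, so treat it as an assumption to be tuned. The log format and every log line are constructed for the demo.

```python
"""Match the LokiBot C2 indicators extracted in this report against proxy logs.

Added example, not part of the sandbox report. Hosts and paths come from the
report's extracted config; the log format and log lines are constructed.
"""
import re
from urllib.parse import urlsplit

# C2 URLs copied from the report's extracted lokibot config.
C2_URLS = [
    "http://185.227.139.18/dsaicosaicasdi.php/S7zr5v1fXI3Rb",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Four of the five URLs share this path, so it is matched on its own as the
# weakest signal (heuristic assumption: a new host with the same panel layout).
SHARED_C2_PATH = "/alien/fre.php"

# Squid native access.log layout (assumed log format for this example):
# timestamp elapsed client status/code size method url ...
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

# Constructed sample log (not from the report): two config URLs, one benign
# request, one contact to a C2 domain without the C2 path, and one unknown
# host reusing the C2 path.
SAMPLE_LOG = """\
1712534400.123    312 10.0.0.21 TCP_MISS/200 1453 POST http://alphastand.top/alien/fre.php - HIER_DIRECT/203.0.113.7 text/html
1712534401.456     88 10.0.0.22 TCP_MISS/200 9821 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.8 text/html
1712534402.789    204 10.0.0.21 TCP_MISS/404 512 POST http://185.227.139.18/dsaicosaicasdi.php/S7zr5v1fXI3Rb - HIER_DIRECT/185.227.139.18 text/html
1712534403.012    150 10.0.0.23 TCP_MISS/200 700 GET http://alphastand.win/ - HIER_DIRECT/203.0.113.9 text/html
1712534404.345    199 10.0.0.24 TCP_MISS/200 1300 POST http://panel.example.net/alien/fre.php - HIER_DIRECT/203.0.113.10 text/html
"""


def c2_indicators(urls):
    """Return (hosts, exact): known C2 hosts and a set of (host, path) pairs."""
    hosts, exact = set(), set()
    for u in urls:
        p = urlsplit(u)
        host = (p.hostname or "").lower()
        hosts.add(host)
        exact.add((host, p.path))
    return hosts, exact


def classify(url, hosts, exact, shared_path=SHARED_C2_PATH):
    """Grade one requested URL: 'exact' > 'host' > 'path' > None."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    if (host, p.path) in exact:
        return "exact"      # full URL from the extracted config
    if host in hosts:
        return "host"       # known C2 domain/IP, different resource
    if p.path == shared_path:
        return "path"       # unknown host, but the shared panel path
    return None


def scan(log_text, urls=C2_URLS):
    """Return one hit dict per log line that touches an indicator."""
    hosts, exact = c2_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = SQUID_LINE.match(line)
        if not m:
            continue            # skip lines not in the assumed format
        kind = classify(m["url"], hosts, exact)
        if kind:
            hits.append({"client": m["client"], "method": m["method"],
                         "url": m["url"], "match": kind})
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"{h['match']:5} {h['client']:<10} {h['method']} {h['url']}")
```

Exact and host matches are safe to alert on directly; the path-only grade is there to catch the next domain the same panel moves to, and should be reviewed before it is promoted to a blocking rule.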
Targets
Target: e60c1bc83635a8480e1970205944b7a8_JaffaCakes118 (760KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
- Looks for VirtualBox Guest Additions in registry. Presence of the Guest Additions key is a common virtual-machine indicator used for sandbox evasion.
- Looks for VMWare Tools registry key. Same purpose: detect a VMware guest before running the payload.
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings. Looks up the country code configured in the registry, likely to geofence execution to, or away from, particular regions.
- Accesses Microsoft Outlook profiles. Outlook profile data in the registry holds stored mail account credentials, a standard LokiBot theft target.
- Maps connected drives based on registry. Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext. Rewriting another thread's context is the usual way an unpacked payload's entry point is set in a suspended process (process hollowing or thread hijacking); the report does not identify the target process.