General
-
Target
e61e8fc9b052b9552bfe83657b84171a_JaffaCakes118
-
Size
413KB
-
Sample
240407-3jdy2saa48
-
MD5
e61e8fc9b052b9552bfe83657b84171a
-
SHA1
8e576868aa85181a9824e1594c5a8c9138249878
-
SHA256
6aa904bd3d5de52d81d0be6cf0bd37c6b7987b1f17dd86439362aa57514cb133
-
SHA512
5439e4dc6fd80e35c21d1f2f39f4bd0ffdb0dffb832f0c73b792d597c832d427bef301af9317330065accc6651164f4bf1d4d6da22ac520e9e31f47bcbfc5f32
-
SSDEEP
6144:TgYIYK2rLkrlGUPn32le83F0F7KwGD43X/gV6eMplGtWmNnK9snfiYcNf5tMA:5LUGUPn2e4F0F7dGYXeklDuZzwf5tMA
Static task
static1
Behavioral task
behavioral1
Sample
e61e8fc9b052b9552bfe83657b84171a_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e61e8fc9b052b9552bfe83657b84171a_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://136.243.159.53/~element/page.php?id=484
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e61e8fc9b052b9552bfe83657b84171a_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-