General
-
Target
e6264b60743e648233defe5dc124b9aa_JaffaCakes118
-
Size
516KB
-
Sample
240407-3vk7haac3s
-
MD5
e6264b60743e648233defe5dc124b9aa
-
SHA1
88dc1d4dce3de5e6797baf34e9000d188587071b
-
SHA256
56962cd0611f65c29cb8dc9917483599c201ec067ca1b5db314a88fc56b88666
-
SHA512
34ee1f5509cd9f5541ba697be30135d85464cc81f9f16258d1813a31188b7bdf597d9a9b1a6945d86e5518ab409282ed186cb392e62e1366e994157f205b7478
-
SSDEEP
6144:SggZh8na5hseoU6qaX1IDqgZ2wN0xRGozt98eciU6+4OFqU5IuhGhQNDWk+SKeg7:SF8yoqaX1CqS81JaeRu4OsRuYekMKX
Static task
static1
Behavioral task
behavioral1
Sample
e6264b60743e648233defe5dc124b9aa_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
e6264b60743e648233defe5dc124b9aa_JaffaCakes118.exe
Resource
win10v2004-20240319-en
Malware Config
Extracted
lokibot
http://fossilcourt.com/temp/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e6264b60743e648233defe5dc124b9aa_JaffaCakes118
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-