General
-
Target
e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118
-
Size
521KB
-
Sample
240407-tdyltsgb2x
-
MD5
e54d1bcdd9d7af8f91758cfa17be9224
-
SHA1
4148817d8d4fc116a7b7725d16183c7e74128f10
-
SHA256
7532843070bc15b8f344e854f792fd7238819519a9c6bd048030a3575bc2c891
-
SHA512
487da3ee4bb43915945e90da25a52bedc9db2f29d90348a5efcdcff7da91a86b6d5cb81ebe9041e3f66e6aaf0db2666f65c864480a4eea02cad84e633a36f104
-
SSDEEP
12288:FIuc84DkEhvbdwIHAlVKLxSSXyJyqvl0zRHv9B37dQTa6a0:4TdwIHAlcrUPvq9zdl
Static task
static1
Behavioral task
behavioral1
Sample
e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://checkvim.com/fd4/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
e54d1bcdd9d7af8f91758cfa17be9224_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-