General
Target: e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118
Size: 748KB
Sample: 240409-mhsg2sga4w
MD5: e9c8b2df79184fbe5b97854f53f28bdf
SHA1: d3e25418978afb7fb3ca1daac5316f5d16838ad9
SHA256: 5ee842917f1dd40b07e05e22fd23c051fb795422ab8bc70af4435128c73431dc
SHA512: bac0009f0923784b9ba2e8398657cae83bdb2cacc01cc4a23b7ffec71779eab0fdad20c69b64d29cfc349975279ef1b8acca9e1fe84c37470bae74362a13349c
SSDEEP: 12288:BTb/HK7zqL2kvXH+Q6eQha/jpUCtMBmRI0za547RLMB48YAKORxml+rnmeV+9JNx:ce7XH+EOKdz/7RAfI
Static task: static1
Behavioral task: behavioral1
Sample: e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://manvim.co/fd14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext