General
Target: efab4862b0b3404b81cc5371de21a09a_JaffaCakes118
Size: 521KB
Sample: 240414-2hjbpsff57
MD5: efab4862b0b3404b81cc5371de21a09a
SHA1: 082590970252fd6c4fa3fb6a2ba61c59658adbd6
SHA256: ec9fa2a359946a754445620e8c9ad1eb5bdd24c3630bc3fa600c13fa59664aaa
SHA512: 3a83b1647df53c6251d258d03ab2aa270ec77159164249ba0a03b7a71c353ea23e2da60193aeea476ac4554a0f6db7bd85357de9ce2fbfd9a49fb2842960e1bb
SSDEEP: 12288:cUmN5bbCs0t0EiY1G22luxs0O3DGfP4wqnTJfHN:cZEiY1Suxs0O3M4wqnVt
Static task: static1
Behavioral task: behavioral1
Sample: efab4862b0b3404b81cc5371de21a09a_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: efab4862b0b3404b81cc5371de21a09a_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://65.21.223.84/~t/i.html/rVXhi7NTm83H7
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: efab4862b0b3404b81cc5371de21a09a_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext