General
Target
f1da97ff8e456b9a852f87ad01f90436_JaffaCakes118
Size
707KB
Sample
240415-y71eqsfd62
MD5
f1da97ff8e456b9a852f87ad01f90436
SHA1
4d3112dbc7374fe4862898bbefe25b8ea9b93446
SHA256
1c146e80516e1e79ca4f8785b2ce93211e44f269c4c692a8b756bb7634c2a2b5
SHA512
d02d3103eecd3308bcfa88652916a525cf54025a04ce872370cd437956ae1c6921ea17c24eb0f30e7b68aae77601e76bbe357354bcd3616de463ed5ce4425007
SSDEEP
12288:SlxNv/A8haLlsEHG+2C9mIzUewRTCe22n0Kz1AmsUA+xENlQuHpm24W5MNmE5qAo:t7HGpC9mIzUewRTCe22n0KzOmsUelQky
Static task
static1
Behavioral task
behavioral1
Sample
f1da97ff8e456b9a852f87ad01f90436_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f1da97ff8e456b9a852f87ad01f90436_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
Targets
Target
f1da97ff8e456b9a852f87ad01f90436_JaffaCakes118
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext