General
-
Target
f54d9f4793ee6460e4a17e89104c5897_JaffaCakes118
-
Size
754KB
-
Sample
240417-jky6tsaf81
-
MD5
f54d9f4793ee6460e4a17e89104c5897
-
SHA1
df744005f8bb3e6e407d744f02fc4e456e007ec6
-
SHA256
a896aa44c2f2d8a96104d8f41742c5442e113d40a1e3756b57582af63859322d
-
SHA512
311b859417bf131316bf6a917e4a975347ed0068a03e953ad7383f96c02afc2f84952b7c72ded0c22a1880e0ef4012559f710ef25b45f3b47ea8d051c00f6604
-
SSDEEP
12288:6F3HY6STq4/++5zMavAm9uxnlL62w3WrDBNpWObNfLjLXLvmxceq+JAa7vqt1Lrh:W41m4/D5QaAm9+JrwkLPL1
Static task
static1
Behavioral task
behavioral1
Sample
f54d9f4793ee6460e4a17e89104c5897_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f54d9f4793ee6460e4a17e89104c5897_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://192.236.162.234/oga/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
f54d9f4793ee6460e4a17e89104c5897_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-