General
-
Target
f9caf25e0ce0553c6969d24b60f9ba8a_JaffaCakes118
-
Size
290KB
-
Sample
240419-h6ehwabg47
-
MD5
f9caf25e0ce0553c6969d24b60f9ba8a
-
SHA1
ba9bee21572b2cad7742ed691ccd7287f3257142
-
SHA256
9b7488e4efffc5a3ce782293d90afa665659bf0e1197aa06fbe0f8481ef9b1ee
-
SHA512
1035ad2cbff9995899aef30a9d9eff6f5ac156f49a6312225d0778728d67421fe0b0d111a8b49c3343db33426eb2471d7fde16c3256728c42b0dafab6e6c082a
-
SSDEEP
6144:67CYpS8fBTB8ObJkZP7cktI2hN+Hldu1N:yCEfB9jFkdckpbslYN
Static task
static1
Behavioral task
behavioral1
Sample
f9caf25e0ce0553c6969d24b60f9ba8a_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f9caf25e0ce0553c6969d24b60f9ba8a_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
lokibot
http://skscarsrjn.in/wp/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
f9caf25e0ce0553c6969d24b60f9ba8a_JaffaCakes118
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-