General
Target: faa648a8568e4627e7edc78099d087b5_JaffaCakes118
Size: 698KB
Sample: 240419-tdqwzsgd69
MD5: faa648a8568e4627e7edc78099d087b5
SHA1: cfd6a3dca64f42f8bb5c3a4e9d7b9cab4d78e177
SHA256: 611b569440a6daaf92be62a1958366eb772bd62b7bc2f20893870808e0d5a277
SHA512: ba1b98ae66865341b8a28408eb147dd0ddf073bd308860050a6575501a6193b50eb2e1fc4e7e9e34d4bdc40d11bbe5a728ea8960de2595ea878251605101d8eb
SSDEEP: 12288:R1Wl8TpYMxskWv6rfIYJ3dqbTeU77xkU7d3:RAGF0yhtqHx77xkUV
Static task: static1
Behavioral task: behavioral1
Sample: faa648a8568e4627e7edc78099d087b5_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: faa648a8568e4627e7edc78099d087b5_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/j572NMRHsdmec
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: faa648a8568e4627e7edc78099d087b5_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext