General
-
Target
fac41e4e724bf794af1a1e2df965c665_JaffaCakes118
-
Size
914KB
-
Sample
240419-vlwymsah7v
-
MD5
fac41e4e724bf794af1a1e2df965c665
-
SHA1
7acf73099786c571cc4c8353c7d1c4896d7e631c
-
SHA256
d5ad8ba8690a44f1f566b3ae03eb053eaeb9290f34a05480494cc51c2df2794b
-
SHA512
4bae3433c0bfcd9624d3dc94d507ab9ed0abdd59b24cfb046301eaf44a78e0b8b873596aba7eaa56cf02a2389aa7591eddf43c45d317a8467e713cc4ee98f7d0
-
SSDEEP
12288:fmwg6Guy1lexmRwefisAs5/d3Xh1lkxO7p/KviAgM9fLzJoPxxltyOqK4T:N/05/d3H6QQDXJuLyOq
Static task
static1
Behavioral task
behavioral1
Sample
fac41e4e724bf794af1a1e2df965c665_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
fac41e4e724bf794af1a1e2df965c665_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://apponline354.ir/kiriko/Panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
fac41e4e724bf794af1a1e2df965c665_JaffaCakes118
-
Score
10/10
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-