General
Target: 0792989f119bbd40d5007b97dcd1686e_JaffaCakes118
Size: 464KB
Sample: 240429-nqagwahh7x
MD5: 0792989f119bbd40d5007b97dcd1686e
SHA1: 04b8ea7bd95bb0431f0ec449c8acde6e82dbc882
SHA256: f41b9c371e86408b1247d6465b36ba7134ca8c081580ad5fb0e913d215263ad3
SHA512: 3a7ccac62d3b2fbbd84b77952e0d013da439bff39d4ffdd44bdcc9878e27bd4a20405c09b6a00edc4ffa986f3602bdee3350fbd5d14a3eaf2beba62bec9e067a
SSDEEP: 6144:eEpmSltsbiQnYW3rGhPLLlI13JvQIFSb22PKKRaHoNuQQQQQO8:eEpubiQN3ahPnlPO222rYIN88
Static task: static1
Behavioral task: behavioral1
Sample: 0792989f119bbd40d5007b97dcd1686e_JaffaCakes118.msi
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 0792989f119bbd40d5007b97dcd1686e_JaffaCakes118.msi
Resource: win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://angelbiss.space/html/1/8/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
0792989f119bbd40d5007b97dcd1686e_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext