General
Target
0ec671099338a885ecf699354bd327e1_JaffaCakes118
Size
351KB
Sample
240502-r1fy7adb27
MD5
0ec671099338a885ecf699354bd327e1
SHA1
b970b226ae75b9c41c4680172ebb39192e079727
SHA256
e8f587c973bb2b5185385665dd4b34da8839e2a941e2bb72d4398d2fbba6fdc3
SHA512
e4f9caae68e33e0efdbbb7ae1079556b2a771c2cfe5a8a7ec6538bf649d0d37f6902104f0dbc96b03e1d3129b13091943398575a87d2c96502dc5d8c8ad15cbf
SSDEEP
6144:mOijv8/XTkGxI6tca+uO89W8P7d112msqDGYOU:mcfDxI4ca+udI8J1lDpx
Static task
static1
Behavioral task
behavioral1
Sample
0ec671099338a885ecf699354bd327e1_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0ec671099338a885ecf699354bd327e1_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://primausaha.net/uv/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
0ec671099338a885ecf699354bd327e1_JaffaCakes118
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext