General
Target: 10f00b9571c2ca08223254712e04cb34_JaffaCakes118
Size: 224KB
Sample: 240503-txxhwaba5z
MD5: 10f00b9571c2ca08223254712e04cb34
SHA1: 78776ff2a1031f021b4764069177d105b40998f2
SHA256: 6dce87b276d0486a8d39d71e4c4f5834ff0f9b39c9af76e70f58c3b8d3397ce8
SHA512: f6a957f921a8ddcc3597c14161c3764f69f9f02429c6fcd9558bb10138258be29871135efcce86c6a38c68ccb3697cde7baa8402b3371eebcf17ecb12d3ea256
SSDEEP: 6144:KkK5q1uHSmmVvwiFUl2UnwmsdpxsW4SYmOZnPWeQCSJ:B8tHSmmlwi5ysdp+hSYmOZnPWeQCS
Static task: static1
Behavioral task: behavioral1
Sample: 10f00b9571c2ca08223254712e04cb34_JaffaCakes118.exe
Resource: win7-20240220-en
Behavioral task: behavioral2
Sample: 10f00b9571c2ca08223254712e04cb34_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://144.172.73.237/ml/mxb-lok/panel/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 10f00b9571c2ca08223254712e04cb34_JaffaCakes118
Score: 10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext