General
-
Target
14a401e67aa69cbfa1ecfc7edb3a7b50_JaffaCakes118
-
Size
472KB
-
Sample
240504-1srv6aff25
-
MD5
14a401e67aa69cbfa1ecfc7edb3a7b50
-
SHA1
6a0f7194dd3a1afa09e4079e195a1614c7db7d63
-
SHA256
c0e1e1211fb58212c3fe660f4a76d87ef6f7635b10f2d343226da0b77b262d96
-
SHA512
4fb4db8edec695a6cad18ef607fc59d95cdcd4d2cd3df1cbdba4199c91ce5891fb490ba1eaef1c5b55bf134eaa20a313aa2c864a5fa0526d835b83e74b66320b
-
SSDEEP
12288:7pswxaQjP6EBQOFSKY5cQywr9veDyHHiHV7Znyt:7psw36GQOpY5c/wkHXY
Static task
static1
Behavioral task
behavioral1
Sample
14a401e67aa69cbfa1ecfc7edb3a7b50_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
14a401e67aa69cbfa1ecfc7edb3a7b50_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://hs-bc-grps.com/file/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
14a401e67aa69cbfa1ecfc7edb3a7b50_JaffaCakes118
-
Size
472KB
-
MD5
14a401e67aa69cbfa1ecfc7edb3a7b50
-
SHA1
6a0f7194dd3a1afa09e4079e195a1614c7db7d63
-
SHA256
c0e1e1211fb58212c3fe660f4a76d87ef6f7635b10f2d343226da0b77b262d96
-
SHA512
4fb4db8edec695a6cad18ef607fc59d95cdcd4d2cd3df1cbdba4199c91ce5891fb490ba1eaef1c5b55bf134eaa20a313aa2c864a5fa0526d835b83e74b66320b
-
SSDEEP
12288:7pswxaQjP6EBQOFSKY5cQywr9veDyHHiHV7Znyt:7psw36GQOpY5c/wkHXY
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-