General
Target: 12fe972a8fe52495e33027a68a4ea5f3_JaffaCakes118
Size: 789KB
Sample: 240504-q2wwcsae37
MD5: 12fe972a8fe52495e33027a68a4ea5f3
SHA1: fa2e5dd0504a0c3423f8cd0181328e2016f195ed
SHA256: 40f2f1e9999503658de2bfdaa765a1d8fa58e130b0bbe79845ccf319b5a2199d
SHA512: 550f0f5f461eb89f1e5081255d9da63991f83d569cf047dedea3ecb570494f1635379c71cb943fe950fc1283e854e157bf11c7767cda4970f218ffc7e45db777
SSDEEP: 12288:X+WhWEyIuRKMDWn2sBsu6IeC5b+ewcY3OqG1EA93+0wTQOdT3DWnyQ:XIRIGPDWn2p2eC97xEARmQOdDDWn3
Static task: static1
Behavioral task: behavioral1
Sample: 12fe972a8fe52495e33027a68a4ea5f3_JaffaCakes118.rtf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 12fe972a8fe52495e33027a68a4ea5f3_JaffaCakes118.rtf
Resource: win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://saimdyemaster.com/arlai/foodz/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 12fe972a8fe52495e33027a68a4ea5f3_JaffaCakes118
Score: 10/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext