General
-
Target
1316ea0d29d6a351cef9f737ee69703e_JaffaCakes118
-
Size
524KB
-
Sample
240504-rk3g9abb45
-
MD5
1316ea0d29d6a351cef9f737ee69703e
-
SHA1
6354d6617364ecafd37c592a17169abc333be515
-
SHA256
29b8ee2a17c17aa1acf61f8b63e46bc897c47f9e66fd79422a6f8d0ffa19620f
-
SHA512
22dd5169623a35b52db0c3fdad7cd08028cbac3600c4a26854ec11bc64b974a95740afe7b003aa95608d6ef71659288280dcdacf031fc85abb858fee2d35cf19
-
SSDEEP
6144:Bcd6bUfFdXThUxQl/EQmYN1VsFpnPLGiPcSubetnUkYZc253/wXZtB:BwPXKx2qnpnjcSuitnxDA3op7
Behavioral task
behavioral1
Sample
1316ea0d29d6a351cef9f737ee69703e_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1316ea0d29d6a351cef9f737ee69703e_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://keftylador.xyz/LOKI/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
1316ea0d29d6a351cef9f737ee69703e_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-