General
Target
13211c19de687935eb28655d46e89c92_JaffaCakes118
Size
344KB
Sample
240504-rtcyysbd66
MD5
13211c19de687935eb28655d46e89c92
SHA1
b88742d66fe44d64457fe242ec8a00afd296206a
SHA256
3d66d5f7c3be1c96ab2c40f90f990061cde265f8d937521cab9770bc51a12e1e
SHA512
3f01645acf63a0eefdd551e9f6669d748decfb68af16e312e3a3eb1dd61ee15a1d59e14cb859a9df908236a8332fce03972c0a976c7a0a16800f8d8caeaf416d
SSDEEP
3072:8u9kmXoYxtzjjcYhZuy2FJnieSx+3W9/2qaOZ2J3fTw3brv2W3kWC8/Z4gklizbV:/9kwoet3jLhr2FJieSzl2Bfkdry/lif
Static task
static1
Behavioral task
behavioral1
Sample
13211c19de687935eb28655d46e89c92_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
13211c19de687935eb28655d46e89c92_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://poeppelmannn.com/bik/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
13211c19de687935eb28655d46e89c92_JaffaCakes118
Score
10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext