General
-
Target
1467e5920af5b2ca405f8bc59eaa80a7_JaffaCakes118
-
Size
240KB
-
Sample
240504-zgqnaadg35
-
MD5
1467e5920af5b2ca405f8bc59eaa80a7
-
SHA1
d0819767d1cc0e5571136ffac0d1227889a33a4e
-
SHA256
5f6867b74a86db4827da9c86c4e23601deea9bc553fe4cdf64b3fbb5fbbd5e1c
-
SHA512
b795038d768c3b735792ba110bbf8b9f0bbd37947ad85228257f15355a8a0bacd869161a84d504575b3bdc7bc2d3a1b21163f6ca35b3b5cdcc21421a8d6c1801
-
SSDEEP
6144:OXF/3al3iWAfyRA1Iyg/HdQzm7FbWV+6HyBf:gsyJyRHyg10m7MvSB
Static task
static1
Behavioral task
behavioral1
Sample
1467e5920af5b2ca405f8bc59eaa80a7_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1467e5920af5b2ca405f8bc59eaa80a7_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
lokibot
http://omann.ir/enes/offi/ce/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1467e5920af5b2ca405f8bc59eaa80a7_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-