General
-
Target
187aa5bb5b1fcbd1c95bf07e8dd41a2d_JaffaCakes118
-
Size
318KB
-
Sample
240505-t1eggaeh3s
-
MD5
187aa5bb5b1fcbd1c95bf07e8dd41a2d
-
SHA1
2daac5060582303143e6dac38993a23b0a2e91b0
-
SHA256
9e0f8248c9939e00f9281ae5fd7e7be72c50896789f99a94d482d954dfd03e71
-
SHA512
77ab8a8c56998be55514a909fc634bdc78ee323269e8ed632261796be8b0dd3fc6d0e8a4bcbdb0c7066ec6bf22c5b053e2790be8b77cab74f4da4b02e27443d2
-
SSDEEP
6144:nxq3UAEs8l7J2QYxfZdRSlGwtHKtQ92LQa29UjuJ5ngVdx4uO+m/F9ODgJP:x3Amd5wB3wRKe928a29dngbmPODgR
Static task
static1
Behavioral task
behavioral1
Sample
187aa5bb5b1fcbd1c95bf07e8dd41a2d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
187aa5bb5b1fcbd1c95bf07e8dd41a2d_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://eastcoastrest.com/bit/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
187aa5bb5b1fcbd1c95bf07e8dd41a2d_JaffaCakes118
-
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-