General
Target: 1a87f1c88b9c07fbbff957ae4f2d934e_JaffaCakes118
Size: 407KB
Sample: 240506-dyv4faae22
MD5: 1a87f1c88b9c07fbbff957ae4f2d934e
SHA1: ba1d29772bfa19c53b37b8be838accc287820cb4
SHA256: 6237601555f9528aa33a32a2e47db8b5957a7ce469648dfd2b30c71b7408856a
SHA512: 37bb8afd96be73bf3dc28782caf980286d006532fe774dae4b73f4d740793646f0ec0c054c3f4432d6af59057789812309c3e9171ce31596c3724a2507e198e7
SSDEEP: 12288:x3tTmbdD6UFUF4LIkQfc8OsemOccGPXhHoI7aqM:xg6UFUFJR08Osvf7HM
Behavioral task
behavioral1
Sample: 1a87f1c88b9c07fbbff957ae4f2d934e_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
lokibot
http://levi.petshopbuvara.rs/quakes/anel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 1a87f1c88b9c07fbbff957ae4f2d934e_JaffaCakes118
Drops startup file
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext