General
-
Target
1d9ae1b89c78cab4f57812ae8b16dfa8_JaffaCakes118
-
Size
803KB
-
Sample
240506-v37fpsfa75
-
MD5
1d9ae1b89c78cab4f57812ae8b16dfa8
-
SHA1
cd9ed18e4b742a208063b1370963ee7087102c3f
-
SHA256
83d9f8b84af56596090e1c343c5594b000491af525021892f692ff6a5bdbcafa
-
SHA512
76af9e2506be08ad696f41d6d6213e737f89cdaa230b523f08698b939a6de491452d4a4701c261d1c7338617c82c3723739e5c03bb77b15871e273d006c1b6d5
-
SSDEEP
12288:ab6mCM9sXHh9BoRPqsxOVKuS5r70xwgeqh043L97/hO+OQyYamcFcV:TeSHhYRRxOVGcxJBdb1PQmcE
Static task
static1
Behavioral task
behavioral1
Sample
1d9ae1b89c78cab4f57812ae8b16dfa8_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1d9ae1b89c78cab4f57812ae8b16dfa8_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://future--seafood.com/kaka/kaka2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
1d9ae1b89c78cab4f57812ae8b16dfa8_JaffaCakes118
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-