General
Target: 222798d2e71aff217d8f35b51f7348b2_JaffaCakes118
Size: 1.1MB
Sample: 240507-2827hagc35
MD5: 222798d2e71aff217d8f35b51f7348b2
SHA1: 85e732bfede0ecc912a728dfa18ed4b427841b4d
SHA256: 965060d546bbf5722c35ee4f37b01e06a65efb2da321633f5da88a85ab7f4f93
SHA512: fb23755f9785e14f961b83e4f738a276e72f84e8830c6f9e632455eb8d3dc12ed25061faca635aa197c47bf17d0cad515834e728d76236adc1850405b3cc812c
SSDEEP: 24576:adHPXnvcC964ukjOs1iq8ZqI1IT96tL1Y/54:a9vvM4sHq9QR
Static task: static1
Behavioral task: behavioral1
Sample: 222798d2e71aff217d8f35b51f7348b2_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 222798d2e71aff217d8f35b51f7348b2_JaffaCakes118.exe
Resource: win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://bixtoj.ga/92/30ddy/cat.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 222798d2e71aff217d8f35b51f7348b2_JaffaCakes118
Score: 10/10
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext