General
Target
1eeb57c0877a06d18aa028e87d5158b4_JaffaCakes118
Size
1.0MB
Sample
240507-begetsec37
MD5
1eeb57c0877a06d18aa028e87d5158b4
SHA1
d086921faba08c2600d862b680b70a53a3bfb88e
SHA256
d8c8496ad93779966bb498f8749bae4b6cdf2e1bd46c75a341e81a19fefde4a3
SHA512
16303c9bcedbfe4c5d6c953e39a98014d7f355e1c6413f960094840fb9e7f581832cc54a0557cc81e3e212f48c82d6897bcbaa4bc3fdecb72043757349f153b1
SSDEEP
24576:zglru6TUwOFJqxotNMKoGAIp7WfJ8H7bDdwb6ju63uNF+:cSva65pE8XDVaNw
Static task
static1
Behavioral task
behavioral1
Sample
1eeb57c0877a06d18aa028e87d5158b4_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
1eeb57c0877a06d18aa028e87d5158b4_JaffaCakes118.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
lokibot
http://djanic.duckdns.org/fashion/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
1eeb57c0877a06d18aa028e87d5158b4_JaffaCakes118
Score
10/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext