General
Target: 27a31bb63bd705c8f48ed9d0fe457349_JaffaCakes118
Size: 724KB
Sample: 240509-bs6a4saf7z
MD5: 27a31bb63bd705c8f48ed9d0fe457349
SHA1: b51ed1f439b535f986f13480d65bb770e3817ad7
SHA256: 40c8077131f4d635924d0948059b6a834a0bf5ad82692d67203deb715d065d91
SHA512: bc7b4df2dcc84ae735fb4aee364ab9f985cc4c7a39e8d7c6d5dff2cf437743751b599ac90ca798c643b261cbeefbdb5cf33f9ca7c722a7c104242304e000571b
SSDEEP: 12288:HQPeWsDY0kXbI80vIsRdznAx9MEH+3yaOXGXav:wPFs0Xt0QGdzA3JSyajXQ
Static task: static1
Behavioral task: behavioral1
Sample: 27a31bb63bd705c8f48ed9d0fe457349_JaffaCakes118.rtf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 27a31bb63bd705c8f48ed9d0fe457349_JaffaCakes118.rtf
Resource: win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://woodindustriesincs.com/book/file2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 27a31bb63bd705c8f48ed9d0fe457349_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext