General
-
Target
2e3794c246b2692357c84d67a63eee8a_JaffaCakes118
-
Size
916KB
-
Sample
240510-kbp28sga59
-
MD5
2e3794c246b2692357c84d67a63eee8a
-
SHA1
6e4831f1fff710b0b85db2284077d1babcfff07c
-
SHA256
e32e5feb177767ae1460812431ca445d2878a94d7730b75954787ae56f279c90
-
SHA512
1830636041c17abe43ebbeac806176177a3c3e509c9b7bc1b66166c14ccf42f82743f73edabd19be729b0b09a31736e149c16962f1c36fc273223a7c58a6f5f0
-
SSDEEP
12288:xEm8Elt9sHIoUJWgt46eeZZJEIdHH4hiXmVOJ8Ah3yUr2:xEytTQgtl7ZZGiHqi2omA
Static task
static1
Behavioral task
behavioral1
Sample
2e3794c246b2692357c84d67a63eee8a_JaffaCakes118.msi
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2e3794c246b2692357c84d67a63eee8a_JaffaCakes118.msi
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://31.220.2.120/~jhjgr/wp/wp-admin/includes/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
2e3794c246b2692357c84d67a63eee8a_JaffaCakes118
Score
10/10
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-