General
-
Target
2e89cd9271ce8707e8d39ad3b96128c6_JaffaCakes118
-
Size
524KB
-
Sample
240510-ls824sbb46
-
MD5
2e89cd9271ce8707e8d39ad3b96128c6
-
SHA1
90be2881bf4702bfe0f905728ab284b783ffda45
-
SHA256
5720c60315d74bd03cbac4ff76f9357561723a412d92359d0b16fab556f00eea
-
SHA512
4f6ba8cf7627b97379212c7d246c0ba76b0c7a69019b6b85cfa2f30617eb43ce0785d6b6974ff1942971776b50838c6163256a1836f30cb405ac5abcce143850
-
SSDEEP
12288:HQPeWsDoNrXHvrfjM+lygoGE2AAxBme8KZrZNc:wPFsyXvjlfdE2L/me8K6
Static task
static1
Behavioral task
behavioral1
Sample
2e89cd9271ce8707e8d39ad3b96128c6_JaffaCakes118.rtf
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2e89cd9271ce8707e8d39ad3b96128c6_JaffaCakes118.rtf
Resource
win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://kammies.co.za/fund/loki/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
2e89cd9271ce8707e8d39ad3b96128c6_JaffaCakes118
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-