General
Target: 2f2eb5112ada90c348de197913849cbb_JaffaCakes118
Size: 486KB
Sample: 240510-pz63wafc2z
MD5: 2f2eb5112ada90c348de197913849cbb
SHA1: 5df81b865362edaf60e711f4e4cef7012c57f9e2
SHA256: 17fdababc93ffe1f43cd5dd49d113ba0ee788e98542617bf0c13b328329215af
SHA512: c77dd372416ce8f1fccc725d3d5cc45db69e0c1dce2b2f4cf78ef54f01020468d055eb26050d0bb5bc6f1a49ff20a8df3131ed6d23a87de864bc32417b91d1fd
SSDEEP: 12288:177BTZw1itFpG1XGK8kbviuUQw92ZOWi6lLeNxqP6qVZ:FtZ5t8W7kbviusEEKp/P6qVZ
Static task: static1
Behavioral task: behavioral1
Sample: 2f2eb5112ada90c348de197913849cbb_JaffaCakes118.rtf
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2f2eb5112ada90c348de197913849cbb_JaffaCakes118.rtf
Resource: win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://alum-mit-edu.com/alum/mit/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 2f2eb5112ada90c348de197913849cbb_JaffaCakes118
Score: 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext