General
-
Target
361552b7ba55faa7674c5d4056645927_JaffaCakes118
-
Size
1005KB
-
Sample
240511-xqcfxafe86
-
MD5
361552b7ba55faa7674c5d4056645927
-
SHA1
19332f6e9003e710e4b8503290f3380092ce77cc
-
SHA256
b84c2fdd9d94753d0937f76c55cc04024f5e50c4375c97ac8728104c464fd635
-
SHA512
afea36cee57841d1e64383edd86161ae54e42e4255a192de91e0c142c56eec3d800fb4902f496fda8c0e275d52a025568b9d31df4dbd238361a026c365233170
-
SSDEEP
12288:RpJI10GZWigk1EbnvrdCWp/EV6IaRCFdpkrs3KnNFpws7N6roYSgDYW+t3yw+:jsRWigkonvpv26RqMm0b77LgDc7+
Static task
static1
Behavioral task
behavioral1
Sample
361552b7ba55faa7674c5d4056645927_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
361552b7ba55faa7674c5d4056645927_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://c2books.ru/bu-x17/fred.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
361552b7ba55faa7674c5d4056645927_JaffaCakes118
-
Size
1005KB
-
MD5
361552b7ba55faa7674c5d4056645927
-
SHA1
19332f6e9003e710e4b8503290f3380092ce77cc
-
SHA256
b84c2fdd9d94753d0937f76c55cc04024f5e50c4375c97ac8728104c464fd635
-
SHA512
afea36cee57841d1e64383edd86161ae54e42e4255a192de91e0c142c56eec3d800fb4902f496fda8c0e275d52a025568b9d31df4dbd238361a026c365233170
-
SSDEEP
12288:RpJI10GZWigk1EbnvrdCWp/EV6IaRCFdpkrs3KnNFpws7N6roYSgDYW+t3yw+:jsRWigkonvpv26RqMm0b77LgDc7+
Score10/10-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-