General
-
Target
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118
-
Size
618KB
-
Sample
240513-rqdq3sba39
-
MD5
3fe7c4d49366bb0a1dbb800e7e8062d3
-
SHA1
7913c3d1d6db3fd0e644abf8be9723d818044cb9
-
SHA256
9f90f234f9d7ce737d96ddb3046af3a6d078fe7ff348b2b590786fcaf00ff60a
-
SHA512
ab07b3bf835f3c0b57e9c21bb72cde4e0cd7d76b51344389042e94e8c6f1854041e057e767c53521f3c6d7b4f97055eabf0385675a679276c76517fff713ec8b
-
SSDEEP
12288:vglTze9q8m9QpQyrVH8X3ntvrwkg0uNk1H2xRNUI95F+mqoGFBQEzYbca:v8K9q8myrG3tvrH68ARNU45dqdFBQ/ca
Static task
static1
Behavioral task
behavioral1
Sample
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
lokibot
http://babaseoa.com/cartel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3fe7c4d49366bb0a1dbb800e7e8062d3_JaffaCakes118
-
Size
618KB
-
MD5
3fe7c4d49366bb0a1dbb800e7e8062d3
-
SHA1
7913c3d1d6db3fd0e644abf8be9723d818044cb9
-
SHA256
9f90f234f9d7ce737d96ddb3046af3a6d078fe7ff348b2b590786fcaf00ff60a
-
SHA512
ab07b3bf835f3c0b57e9c21bb72cde4e0cd7d76b51344389042e94e8c6f1854041e057e767c53521f3c6d7b4f97055eabf0385675a679276c76517fff713ec8b
-
SSDEEP
12288:vglTze9q8m9QpQyrVH8X3ntvrwkg0uNk1H2xRNUI95F+mqoGFBQEzYbca:v8K9q8myrG3tvrH68ARNU45dqdFBQ/ca
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-