General
-
Target
3c446f2d0cee77569ec982c6e61dc084_JaffaCakes118
-
Size
770KB
-
Sample
240513-xf2caaac72
-
MD5
3c446f2d0cee77569ec982c6e61dc084
-
SHA1
d0a023fe4594d4198accc72f4aa2a2a61e07c359
-
SHA256
ae171529077af4bdec4a8612879c42e6808e7b51e37c436074440c3bd6ec3369
-
SHA512
7d44f00fb5ce91b361179bc6bbc9f619eaef7b77a023855e8fe09adff56793009c66eb3e6ce164c856ac9e46810dd2f9cd4e45d262da016296ed1029cf542263
-
SSDEEP
12288:uQ/ena6F83r+bPrsdB0L0gazjJsJNulttShwmAlzX+ObKAEgMfTs:NaaFabDs7btHlttqwm8XsVNTs
Static task
static1
Behavioral task
behavioral1
Sample
3c446f2d0cee77569ec982c6e61dc084_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
3c446f2d0cee77569ec982c6e61dc084_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://mecharnise.ir/ea5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
3c446f2d0cee77569ec982c6e61dc084_JaffaCakes118
-
Size
770KB
-
MD5
3c446f2d0cee77569ec982c6e61dc084
-
SHA1
d0a023fe4594d4198accc72f4aa2a2a61e07c359
-
SHA256
ae171529077af4bdec4a8612879c42e6808e7b51e37c436074440c3bd6ec3369
-
SHA512
7d44f00fb5ce91b361179bc6bbc9f619eaef7b77a023855e8fe09adff56793009c66eb3e6ce164c856ac9e46810dd2f9cd4e45d262da016296ed1029cf542263
-
SSDEEP
12288:uQ/ena6F83r+bPrsdB0L0gazjJsJNulttShwmAlzX+ObKAEgMfTs:NaaFabDs7btHlttqwm8XsVNTs
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-