General
-
Target
432e0c7502686e9481f9ca6789ad7abd_JaffaCakes118
-
Size
336KB
-
Sample
240514-1lhznsad23
-
MD5
432e0c7502686e9481f9ca6789ad7abd
-
SHA1
e762906f2796322d856f0b38bbe2a189324e7329
-
SHA256
41a4b1a20caa14c769accdc803196fcc6f70968ebe9f8acd867321f7cc46962e
-
SHA512
f994dc800a0c45738b6b1e8fe3f4f547abd9229e43717420125c292434d2abb7829936de10ad4393842a26c01fb887971d08121394a3d0326fbe13646681fac8
-
SSDEEP
6144:jEUCChbFhINvtvbO0yhNPh/UCkYxKLpdDKIqtlxq5q+9xpZu:jEEYfKZhNPJU9YORKlU5qO
Static task
static1
Behavioral task
behavioral1
Sample
432e0c7502686e9481f9ca6789ad7abd_JaffaCakes118.msi
Resource
win7-20240508-en
Malware Config
Extracted
lokibot
http://deloilte.com/wp-admin/user/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Detect ZGRat V1
-
Accesses Microsoft Outlook profiles
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-