General
-
Target
44f965d103c7a2fcb3b17805b26c1685_JaffaCakes118
-
Size
220KB
-
Sample
240515-hm4zesea65
-
MD5
44f965d103c7a2fcb3b17805b26c1685
-
SHA1
060c89154b9f4068e03b56c85fff0c4767c01640
-
SHA256
177df9c2afabce465238c73c74e730a202afc0ca44e4420fb3bacb1aaf09caac
-
SHA512
4b93fcac8da014a53a142dbeafab3172610b294780114f640d95196ffad7b50dd8662f5f8dff2fa1d65850a2e1b23ecc91d19731fba28b3156a7a660b5ad8d5a
-
SSDEEP
3072:pG94AUemxoqg0EKTSLZPewRsgGn2bmHazP11L+25jFFOXxf2wvP3hlzh:k5dlP1Royj1w25BFO52wvP3b
Static task
static1
Behavioral task
behavioral1
Sample
44f965d103c7a2fcb3b17805b26c1685_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
44f965d103c7a2fcb3b17805b26c1685_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://kenabee.in/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
44f965d103c7a2fcb3b17805b26c1685_JaffaCakes118
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-