General
Target: 5bd8073eb6ee3b48ed4be6e769f8b6e0_JaffaCakes118
Size: 534KB
Sample: 240519-2j8b8aee39
MD5: 5bd8073eb6ee3b48ed4be6e769f8b6e0
SHA1: 5906720656c80e96d3e35eeaaf48dbdc25236a7f
SHA256: d0919e2ea93d45755adec371d67a2c042a25a475c3f531b92d59d0270e8505e4
SHA512: 6d8443b9a5d7b483ef8052b0de536483bfda875e1915d3c32d77d4b2bf1495768df28d54aa81cb391f4cb7ce74e3ded266166edc97abe60d82eb20fe287fb3b1
SSDEEP: 12288:Hzcp3YHI+3q0vR7JZIibtiwN9wA3j+qeXA3JJkf+/u9ZGFQ:HrHh3qgJj1Nx3ypXG/4P

Static task: static1

Behavioral task: behavioral1
Sample: 5bd8073eb6ee3b48ed4be6e769f8b6e0_JaffaCakes118.rtf
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 5bd8073eb6ee3b48ed4be6e769f8b6e0_JaffaCakes118.rtf
Resource: win10v2004-20240426-en

Malware Config
Extracted
lokibot
http://185.24.233.117/~zadmin/frb/cache.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
5bd8073eb6ee3b48ed4be6e769f8b6e0_JaffaCakes118
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext