General
-
Target
5cd0587c14844c61414b7a6a323134f7_JaffaCakes118
-
Size
1.1MB
-
Sample
240520-dclymsha2v
-
MD5
5cd0587c14844c61414b7a6a323134f7
-
SHA1
43f690535b85111120f7003e435f28a5d5206265
-
SHA256
145b991f227a3acea6c5477c254d60777509a6dcde022ca64a00af8cd02fa94f
-
SHA512
55c0d6a1862bb0edd827317229c235302f5c1d6699ee409b29b3b079241ab1561c979619a8ed811e99e31e1b076f0ef19afef70b9371eea4e55c3571c7ec8fa2
-
SSDEEP
24576:4RZc8SBe+COgQOAp9FIKc1LAaZyJ2y3uQnVQq7zGe3:4RZj+CNLASbQVP7L
Static task
static1
Behavioral task
behavioral1
Sample
5cd0587c14844c61414b7a6a323134f7_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5cd0587c14844c61414b7a6a323134f7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
lokibot
http://lidgeys.ru/buch-k/fred.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
5cd0587c14844c61414b7a6a323134f7_JaffaCakes118
-
Score
10/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-