General
-
Target
c09616002f0469de779f1bae96ff6aa1_JaffaCakes118
-
Size
448KB
-
MD5
c09616002f0469de779f1bae96ff6aa1
-
SHA1
cc40b98ff7bf6189c1b0ef50e6f51a5201562777
-
SHA256
524a6ad3419f2f18f609257b298bf1d6dd5bd01e7efe622bff75115cd92f59cf
-
SHA512
b1d628b0d119b1627b9bd8edade21a9eb515b483b488a4aafaf2f45d9fc6f3398113b8ce02f5320a8680e7996667b4c5d91d1a39772bfc592a3073cb405ac939
-
SSDEEP
12288:voJ0mTtfJRYNwPXK0dmt5nC4i/07WNWl:rwXK0dYnxi8SNWl
Score
10/10
Malware Config
Extracted
Family
lokibot
C2
http://emas-store.com/wp-includes/js/tinymce/themes/inlite/main/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
-
Lokibot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
c09616002f0469de779f1bae96ff6aa1_JaffaCakes118
476f92c8f9ddbcb805cdc5c61fbc5635
Headers
Imports
Sections