General
-
Target
c653666d1e83163fa4173a09ef16a8bb_JaffaCakes118
-
Size
729KB
-
Sample
240828-gsqhjsxfkc
-
MD5
c653666d1e83163fa4173a09ef16a8bb
-
SHA1
32598e3d7f6c73cad52ac1ecd6771d4587fdfbc5
-
SHA256
ba1fc31924f28c500e87979824415fbe4d2e08fde4591652c24734bcbc816fab
-
SHA512
a497ed6110593a5d91bfe99f96018ec4220ebaea697b19c84cc839646562952b54e265d042682659041465a11242f372691f20a28a1788349474f19d9ecb330d
-
SSDEEP
12288:UWNLJocWe3v4uG7aE0NLhJgV9fm0OXSeAkdjB2JfIz1WBtYvxnCVjyxYdbD+CNdY:/ocWoGmluVAxSULvJotYp0jyaUCOTMR8
Static task
static1
Behavioral task
behavioral1
Sample
c653666d1e83163fa4173a09ef16a8bb_JaffaCakes118.rtf
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c653666d1e83163fa4173a09ef16a8bb_JaffaCakes118.rtf
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
http://spacemc.com/admin/iyk/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c653666d1e83163fa4173a09ef16a8bb_JaffaCakes118
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Drops desktop.ini file(s)
-