General
-
Target
d10802a1d8dc26fb051bfc094b9df5f2_JaffaCakes118
-
Size
1005KB
-
Sample
240907-el4eqateqk
-
MD5
d10802a1d8dc26fb051bfc094b9df5f2
-
SHA1
298773d29a60ae7e61d706981e9645858eb15e76
-
SHA256
90b927e6a1137c0a5b0e745fc4e15c6740dc874fc42dded08f12ba925beb7a4b
-
SHA512
1b2e80f1f294f5c4a26ae310711013b8e871e87b2ba4cca8fdd0383ef76015e2969ea38dd702e791578a3f92900b01c719b249697db7049fb18254041ddce004
-
SSDEEP
12288:LpJI10GZWigk1EbnvrdCWp/EV6CUm20F0iLs8ouaih+NTKYlKhPk5f1jDjNt76Sa:NsRWigkonvpv26CUBxnihaTsaN7+SeN
Static task
static1
Behavioral task
behavioral1
Sample
d10802a1d8dc26fb051bfc094b9df5f2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d10802a1d8dc26fb051bfc094b9df5f2_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
http://replaxed.ru/amb-1/fred.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
d10802a1d8dc26fb051bfc094b9df5f2_JaffaCakes118
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-