General
Target: fa0cfc7cdb30e169af308455c3cba96a_JaffaCakes118
Size: 616KB
Sample: 240927-j7dteataln
MD5: fa0cfc7cdb30e169af308455c3cba96a
SHA1: f4054047b1c5b234cbf9f5ff5c5e13e515287df0
SHA256: d309c7644924688608e64ff7f3c6ecca1885ffc843754f813f4ad61948b24119
SHA512: b4486af9d00ed9b03d8b828e7132add2459dd60ba9dbfacc2c52ec583fce76e279012e9107e6119b8d01250211d6534fe7af6a65088ba02c3250cd526c2b57f8
SSDEEP: 12288:aaRMD9dYBUQbBqW86ndYu1fr+SnRzLOKk3:Ad06W86dz9rvza
Static task: static1
Behavioral task: behavioral1
Sample: fa0cfc7cdb30e169af308455c3cba96a_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
lokibot
http://caesragroup.com/king/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: fa0cfc7cdb30e169af308455c3cba96a_JaffaCakes118
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext