General
-
Target
029eb98299179f49091147d34fad1ea6_JaffaCakes118
-
Size
243KB
-
Sample
240930-wnhz8sybrp
-
MD5
029eb98299179f49091147d34fad1ea6
-
SHA1
4284cc0cf7029dc27558ee8c61f7e49248db67ea
-
SHA256
e9e3490df4628c80e10723892c75cd036d340e4a09ca9527c5710e1b01e3847a
-
SHA512
9c00f00d034270e1dcbf1bcbbfb19c666d2e3e282dfe0070fdc15504f3111e27d6491990047c2dcd587a3a61cd12bb184df281ad09166ffbcfaa75876713f54c
-
SSDEEP
6144:+5DLv1td3qE1FZon9Xvt6Qt/5o6WP56vw6d:cv1qWfo9XvMQrCr6d
Static task
static1
Behavioral task
behavioral1
Sample
029eb98299179f49091147d34fad1ea6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
029eb98299179f49091147d34fad1ea6_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
lokibot
Targets
-
-
Target
029eb98299179f49091147d34fad1ea6_JaffaCakes118
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-