General
-
Target
c1929c01d6adbb6635757097ff5d95d6_JaffaCakes118
-
Size
974KB
-
Sample
241204-jqttastmhk
-
MD5
c1929c01d6adbb6635757097ff5d95d6
-
SHA1
830557cd37d07a4b7a9a500fe0f1f5099d436e43
-
SHA256
fe11921cd872f4c76fa3d9698da1aeba5470bb58e6b64e7537d29b4a8980cf3c
-
SHA512
dfee7060eacacb8da3a3fac4e2b39995af27ca6a30d9ef609739346461d527db3a327f38446cb750e145a5348cc1b5855911576f31e3c1fbc4bff04d5e0ffbc2
-
SSDEEP
12288:83RFUa2iNwY05uYGrFDsugLcwLVvVfSkVylG5B7/I070JQ:na1W5uYGrFj+x5EsylwBR70JQ
Static task
static1
Behavioral task
behavioral1
Sample
c1929c01d6adbb6635757097ff5d95d6_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
lokibot
http://185.227.139.5/sxisodifntose.php/S7zr5v1fXI3Rb
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
c1929c01d6adbb6635757097ff5d95d6_JaffaCakes118
-
Size
974KB
-
MD5
c1929c01d6adbb6635757097ff5d95d6
-
SHA1
830557cd37d07a4b7a9a500fe0f1f5099d436e43
-
SHA256
fe11921cd872f4c76fa3d9698da1aeba5470bb58e6b64e7537d29b4a8980cf3c
-
SHA512
dfee7060eacacb8da3a3fac4e2b39995af27ca6a30d9ef609739346461d527db3a327f38446cb750e145a5348cc1b5855911576f31e3c1fbc4bff04d5e0ffbc2
-
SSDEEP
12288:83RFUa2iNwY05uYGrFDsugLcwLVvVfSkVylG5B7/I070JQ:na1W5uYGrFj+x5EsylwBR70JQ
-
Lokibot family
-
Looks for VirtualBox Guest Additions in registry
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1