General
-
Target
ff3a9b3e49d0dc6b0f91956d44a10b83_JaffaCakes118
-
Size
679KB
-
Sample
241219-kw98xaxpcs
-
MD5
ff3a9b3e49d0dc6b0f91956d44a10b83
-
SHA1
a309a98a10c9de52cf1d109eed34276220237a0a
-
SHA256
f513586a6714e75f26ce6068996b786f33711477f413ab918b5a736d6daca9a5
-
SHA512
c69887011b526f979bcdb7916ec3a6ab0f38246312ff37603658a610881de7676f51f156437594f7b83f69c820d16a332a89dc836f70f3e5ce57352349f7ff2c
-
SSDEEP
12288:UtzV7HK7zpxbBzMYQQxq4KwVKaPZN4vAjLR6S+t+Pi+khRO:iz8lrzU62da9P+t+Pi+q
Static task
static1
Behavioral task
behavioral1
Sample
ff3a9b3e49d0dc6b0f91956d44a10b83_JaffaCakes118.exe
Resource
win7-20241010-en
Malware Config
Extracted
lokibot
https://ecurs.ro/upgrade/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
ff3a9b3e49d0dc6b0f91956d44a10b83_JaffaCakes118
-
Lokibot family
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-