General
Target
JaffaCakes118_1c81ccd5f63e8c0e7badba42e914986a
Size
391KB
Sample
250704-x412esyjs6
MD5
1c81ccd5f63e8c0e7badba42e914986a
SHA1
2bb31c1b75d1783a159ba1c2c988e2714d7e408d
SHA256
4534a730bda79047c7acddbfd145a16656ddfe456970bb3612201c7d20170853
SHA512
96bdbd7268cb6ffd6d1a6c0576b45f263cd153a30306071e57f9460b891086fb9538ff63428e90ad27b93cd17326d661253905840002c90c0d95f2714e81cfa7
SSDEEP
12288:Tb8G+jH56Vn74qWgPvWwYlMNd6aUmpPhOvo:wjH5CWgPv3Yud6gRMvo
Behavioral task
behavioral1
Sample
JaffaCakes118_1c81ccd5f63e8c0e7badba42e914986a.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
JaffaCakes118_1c81ccd5f63e8c0e7badba42e914986a.exe
Resource
win11-20250619-en
Malware Config
Extracted
lokibot
http://parkrosegroup.info/lewy/sun/ernest/solar/gem/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
JaffaCakes118_1c81ccd5f63e8c0e7badba42e914986a
Lokibot family
Executes dropped EXE
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext