General
-
Target
7c6df6ee9bfa7763e0a73747a49d26dcc2d4cfa59c5bae0394a57475b0ef11b8
-
Size
304KB
-
Sample
211103-yrsd7aega8
-
MD5
e5d3c34fe856e1c446f1e475dd234af6
-
SHA1
bb86dede95bee535bd99a00004904359bdea2bde
-
SHA256
7c6df6ee9bfa7763e0a73747a49d26dcc2d4cfa59c5bae0394a57475b0ef11b8
-
SHA512
5c3f93557874cb8393f042a9337f1446ac46d760f347be8b247a6c2b06cd299ff19b08affebd0d01f88c780b94fd687db3e2f710bc7cb94c8895228cd5a5a7d8
Static task
static1
Behavioral task
behavioral1
Sample
7c6df6ee9bfa7763e0a73747a49d26dcc2d4cfa59c5bae0394a57475b0ef11b8.exe
Resource
win10-en-20210920
Malware Config
Extracted
lokibot
http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
7c6df6ee9bfa7763e0a73747a49d26dcc2d4cfa59c5bae0394a57475b0ef11b8
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-