General
Target
d81601b02629332411d2788bf2d04887.exe
Size
284KB
Sample
220125-vfpx5sbcan
MD5
d81601b02629332411d2788bf2d04887
SHA1
549c21b14e473ce091d78e7813dca84633d7cf9e
SHA256
9ac23aff214fbb52d4009b72d05fb6d51aacb1e62e447857c435745875d6b550
SHA512
2745d2f931f996ad98adfc75112e910343dfd8669fed2865f2c2e183cf2e554da9ea8e29b590b5d39b6b275c6f08136c336f9fb0f01fca49a6092b9a3959525d
Static task
static1
Behavioral task
behavioral1
Sample
d81601b02629332411d2788bf2d04887.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d81601b02629332411d2788bf2d04887.exe
Resource
win10-en-20211208
Malware Config
Extracted
lokibot
http://62.197.136.186/baba/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
d81601b02629332411d2788bf2d04887.exe
Modifies system executable filetype association
Neshta
Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext