General
Target: 6438c88f8a68fb3a9b78dbbdb54c08e8.exe
Size: 280KB
Sample: 220125-yw5kbaech3
MD5: 6438c88f8a68fb3a9b78dbbdb54c08e8
SHA1: d7a491b8309bde3e246f814b4db99da5e8517963
SHA256: 8cef0dc8479d3d0b88687c1ae17866e71de668c032bc2f9965e03e3f36993d60
SHA512: abd31a4144bef0b8442e4bb43d8a1ab1c7f9564c611d8706c418a1d620b130df81fd9ad52de28715569cc95bbf3aa20c8fb83ce5b6156b01cee56fedd6306164
Static task
static1
Behavioral task
behavioral1
Sample
6438c88f8a68fb3a9b78dbbdb54c08e8.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
6438c88f8a68fb3a9b78dbbdb54c08e8.exe
Resource
win10-en-20211208
Malware Config
Extracted
lokibot
http://137.184.118.248/sheng/logs/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
6438c88f8a68fb3a9b78dbbdb54c08e8.exe
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread and cause damage.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext