General
Target: 582923daab47911bd6216946e5e38e76b20019b19e863c2e3e146185253db2cb
Size: 144KB
Sample: 220203-q1h8wahhc2
MD5: dca4bddba0c7c1c658ef5fe696aa9a25
SHA1: 963260bdec038dfa22d43415360aa560c75a33d4
SHA256: 582923daab47911bd6216946e5e38e76b20019b19e863c2e3e146185253db2cb
SHA512: 74ec8e87841b9f4ca27b740609e119ecfe1c65b6f2ce3567ebb9b8664068f5742eda5ada79f9c2c9bdf0db0f5aa67eca0e6109735a43a5e2e475a912c440a885
Behavioral task: behavioral1
Sample: 582923daab47911bd6216946e5e38e76b20019b19e863c2e3e146185253db2cb.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 582923daab47911bd6216946e5e38e76b20019b19e863c2e3e146185253db2cb.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
lokibot
http://dennismariman.com/giantech/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
- Modifies system executable filetype association
- Neshta: Malware from the Neshta family is designed to infect other files in order to spread itself and cause damage.
- Executes dropped EXE
- Sets service image path in registry
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles