General
-
Target
8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1
-
Size
765KB
-
Sample
220203-qf3rsahef9
-
MD5
3b8b70e0baecdd864452c521b63e5859
-
SHA1
7232e7d7e829fe3aebc4211bd33618d7405c279e
-
SHA256
8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1
-
SHA512
f7217a6a916bdb15d24a9b26319e8b18df764132f1f4ae9d78917e05f7cf8d7962130cac6c791967cd8cdd20014bccde1e1f5f3c127b053fb4adc65546d63b05
Behavioral task
behavioral1
Sample
8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1.exe
Resource
win7-en-20211208
Malware Config
Extracted
lokibot
http://ibexexpressint.com/courier/css/js/fiv/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1
-
Modifies system executable filetype association
-
Neshta
Malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-