General

  • Target

    8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1

  • Size

    765KB

  • MD5

    3b8b70e0baecdd864452c521b63e5859

  • SHA1

    7232e7d7e829fe3aebc4211bd33618d7405c279e

  • SHA256

    8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1

  • SHA512

    f7217a6a916bdb15d24a9b26319e8b18df764132f1f4ae9d78917e05f7cf8d7962130cac6c791967cd8cdd20014bccde1e1f5f3c127b053fb4adc65546d63b05

  • SSDEEP

    12288:O7jy340w4zsCQnFmTAa4arRRUwi1y/R49NPW1dTHOt9NBKpPXKEF6Os:O7jyVzFQnAP40gwi6RQPW1da9NB0XKEE

Score
10/10

Malware Config

Extracted

Family

lokibot

C2

http://ibexexpressint.com/courier/css/js/fiv/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Detect Neshta Payload (1 IoC)
  • Lokibot family
  • Neshta family

Files

  • 8d1438f80d689978561c1ae7111c5af7beef49aa67e69039f27cd9b8340e2ac1
    .exe windows x86

