General
-
Target
d26b79f2653547f7d7b4a5580a47d969.exe
-
Size
294KB
-
Sample
220223-ql86raaca8
-
MD5
d26b79f2653547f7d7b4a5580a47d969
-
SHA1
6e82af7ed6970fca7e1be62cf653742d072f1fba
-
SHA256
6f975378cb65fa40e27b22cd6676e4385b46cdb0df3111cb94530a8615516281
-
SHA512
f1d9c59cbeec45eb2fd5c97e45c970467f89d0754d96d49debd6b2f1957e834d696c99e1efda73321899d868c0b861703c9bdd19711e28f278059bea1fa7762a
Static task
static1
Behavioral task
behavioral1
Sample
d26b79f2653547f7d7b4a5580a47d969.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d26b79f2653547f7d7b4a5580a47d969.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
lokibot
http://164.90.194.235/?id=22044231991792986
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d26b79f2653547f7d7b4a5580a47d969.exe
-
Size
294KB
-
MD5
d26b79f2653547f7d7b4a5580a47d969
-
SHA1
6e82af7ed6970fca7e1be62cf653742d072f1fba
-
SHA256
6f975378cb65fa40e27b22cd6676e4385b46cdb0df3111cb94530a8615516281
-
SHA512
f1d9c59cbeec45eb2fd5c97e45c970467f89d0754d96d49debd6b2f1957e834d696c99e1efda73321899d868c0b861703c9bdd19711e28f278059bea1fa7762a
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-