General
-
Target
7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
-
Size
253KB
-
Sample
220304-cx6ccaddb8
-
MD5
2f08b467db5be4f98d7b26aabfb60a27
-
SHA1
d4c1ecbfddeb313a7defef708e4b759c830cc452
-
SHA256
7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
-
SHA512
8be430ce98ee067a8c7c8a8cd831973452ad829c9d25104d1f9905779d9de7f80f917a7eebee5ba70e560f989314742ad879c3e029231c5e0567d0a73739bfd6
Static task
static1
Behavioral task
behavioral1
Sample
7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385.exe
Resource
win10v2004-en-20220112
Malware Config
Extracted
lokibot
http://164.90.194.235/?id=22044231991792986
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
-
Size
253KB
-
MD5
2f08b467db5be4f98d7b26aabfb60a27
-
SHA1
d4c1ecbfddeb313a7defef708e4b759c830cc452
-
SHA256
7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
-
SHA512
8be430ce98ee067a8c7c8a8cd831973452ad829c9d25104d1f9905779d9de7f80f917a7eebee5ba70e560f989314742ad879c3e029231c5e0567d0a73739bfd6
-
Modifies system executable filetype association
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-