Overview

overview

10

Static

static

10

944-67-0x0...ry.exe

windows7-x64

1

944-67-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    944-67-0x0000000000400000-0x00000000004A5000-memory.dmp

  • Size

    660KB

  • MD5

    afaa6ee855a29554f9bbd4c24e2bcf67

  • SHA1

    c3363e38b275c74d295d4f2606ffaa18da2bcf65

  • SHA256

    9499449c0f061421f6f17d68adff203ad5929cb902de9b14177320c5e169bf64

  • SHA512

    ec17c1139dc43c9f142e9ba32647bbab668eb23604a20cb2e0726bdd4ffbff28a626d7e63e913be53c8d7a844367fc2d437b32580e8378edf28ef9ab377eb56b

  • SSDEEP

    1536:HgQLnwzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmdpbC:1nzSHIG6mQwGmfOQd8YhY0/EGUGp

Score
10/10
upxlokibot

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.161/starmoney/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Files

  • 944-67-0x0000000000400000-0x00000000004A5000-memory.dmp
    .exe windows x86


    Headers

    Sections