Overview

overview

10

Static

static

10

1380-69-0x...ry.exe

windows7-x64

1

1380-69-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1380-69-0x0000000000400000-0x00000000004A5000-memory.dmp

  • Size

    660KB

  • MD5

    7de21bad058a1f90a362985cbce9c541

  • SHA1

    1b0d70747c4e4febb3e430662e4f44dd54aa3e25

  • SHA256

    94cf192ef627587098c3a6ce9834b0f3b90c40c57472d64eb7a45d1b953dc747

  • SHA512

    f0e62d7eb4bd10384c7f6e2d86dd5ebfafbd6b674cf0b0ab38fb5045fb6f456383b7856f830e064700d7438eb6cc5e580d38989e2b0732fb4b34e371c63005c5

  • SSDEEP

    1536:HgQLnwzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqTIzmdGbC:1nzSHIG6mQwGmfOQd8YhY0/E2UGG

Score
10/10
upxlokibot

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.161/starmoney/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx

Files

  • 1380-69-0x0000000000400000-0x00000000004A5000-memory.dmp
    .exe windows x86


    Headers

    Sections