lokibot | 2c030514c8f3acf13476805c67a22811[.]exe | Triage

Submit
Reports

Overview

overview

Static

static

2c030514c8...11.exe

windows7-x64

2c030514c8...11.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2c030514c8f3acf13476805c67a22811.exe

Resource

win7-20221111-en

lokibot collection spyware stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

2c030514c8f3acf13476805c67a22811.exe

Resource

win10v2004-20221111-en

lokibot collection spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

General

Target

2c030514c8f3acf13476805c67a22811.exe
Size

104KB
MD5

2c030514c8f3acf13476805c67a22811
SHA1

9ca441fa63b9803ffd5dcb6f274076281c01ac2a
SHA256

4872ccaa8702d45ea34ec24c98d8af427507b12d37005da26efc4b2569df534e
SHA512

4cdf4f1483d562e75dbc41266584c8bacab04adc538e4ebd532e0671382bb17ed3526d4be7e254182b347ec8d5bd2edef685209f944ec02bc49b03e52ec747a1
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/fresh2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot family
lokibot

Files

2c030514c8f3acf13476805c67a22811.exe
.exe windows x86

0239fd611af3d0e9b0c46c5837c80e09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getaddrinfo
freeaddrinfo
closesocket
WSAStartup
socket
send
recv
connect

kernel32

GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

© 2018-2025

Terms | Privacy