Behavioral task: behavioral1
Sample: 656-54-0x0000000000400000-0x000000000068E000-memory.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 656-54-0x0000000000400000-0x000000000068E000-memory.exe
Resource: win10v2004-20221111-en
General
Target: 656-54-0x0000000000400000-0x000000000068E000-memory.dmp
Size: 2.6MB
MD5: c335bb82890ed6fc700a5a6caf870c65
SHA1: 37fefa5bc2d0b5a9c9e9ef53461fec059bb49a6e
SHA256: 8448bde2001cf49a93acc5ab829ed30bacdfdaee0a6a82cac5f55eacddbd2353
SHA512: e6335ec6a960de1ae16b7f4f143dd652bcd77e026b38e6bb86723f8a717ba4c4c340007096621c9221ab5debcd3488ae409960321cf5b67f137243019d187c00
SSDEEP: 49152:qiDC5r0vYf3bnzi2CWgglVb4Fb8xxlyipaNuKh5M:tG5IvYfrn22CWgwEGV9ay
Malware Config
Extracted
lokibot
http://
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
Lokibot family
Files
656-54-0x0000000000400000-0x000000000068E000-memory.dmp.exe windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 56KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
P��ƅ�� Size: 4078.3MB - Virtual size: 5.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 512B - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lamrgbqw Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fcvrahws Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE