Overview

overview

10

Static

static

10

776-91-0x0...ry.exe

windows7-x64

1

776-91-0x0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    776-91-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    32cae4da85ac80c534acac073a5d514e

  • SHA1

    58298b21da47f2f9280bf48cb34d2d217500421c

  • SHA256

    193f5c7bd9289edd6f3d294035f6f703eadebb888647340bb464f8a3700beb8c

  • SHA512

    0fd6d9606c0c9892d6b941aaa2e11b1f3dd09ad6e1c172b0ae7ab87ec7e6325a39b85871d186f7b6f617f7ef624f6afd68ffa9712a9dda82439607ab9194433a

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmdI:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/zang2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 776-91-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections