Overview

overview

10

Static

static

10

1412-140-0...ry.exe

windows7-x64

1

1412-140-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1412-140-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    5bc4f1b734e5155ba8554718ae943850

  • SHA1

    bc0d78b5d6a8c8a0a9789d974282f8b34a7f278c

  • SHA256

    e0ff887ca4ee078e6cc2bf7f3f65a1202a5a00e51ebf868b21cd67dc95c89030

  • SHA512

    801c97b154b16b3581662022404ea71bf98ad5d04db726732f23241ba4762c48fd067e0cd3ffbc6fa41eb76e3197c60ebf24f99778b6a89f32fe0275a8e6eed6

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://194.180.48.58/size/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1412-140-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections