Overview

overview

10

Static

static

10

1752-94-0x...ry.exe

windows7-x64

1

1752-94-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1752-94-0x0000000000400000-0x00000000004A7000-memory.dmp

  • Size

    668KB

  • MD5

    1758134fd7fdc688d5b9731dff168701

  • SHA1

    623c43df3bcf20800dbc184e4bf82820bc39eac7

  • SHA256

    1f5ceb5f6c2efe5203737139f4ed740989a9b2ddac104f0fe85b5ffc52c1488f

  • SHA512

    581dc3e4c299d5dcec53129abffae21e58ed189f0a2f41e47c46b4302e8632c6d1be9ed964603c5f50d48085e0fbee1d1fc9eb1e104fbbbd303b2287d67861c0

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmdscEIn07ZX:nSHIG6mQwGmfOQd8YhY0/EqUGscEI07

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://146.19.233.219/trip/rx/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1752-94-0x0000000000400000-0x00000000004A7000-memory.dmp
    .exe windows x86


    Headers

    Sections