Overview

overview

10

Static

static

10

1384-89-0x...ry.exe

windows7-x64

1

1384-89-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1384-89-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    a27bab0fbe4d1463522aca710e53d10c

  • SHA1

    be3647094a7e7757016e31611203eefe94842dbf

  • SHA256

    d30688da40ace4035282d149d958b8fbea576c68afb45a53e4d1eddb26ece3ae

  • SHA512

    91760a034492c7b98c58566ec44b1a4f72885cce2fa766034aeca05b59edc2c2be0562683bc2c4d6f9ac374b96f239fec38f8396f86b2e451ba96d759bf45c1f

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqHIzmd:nSHIG6mQwGmfOQd8YhY0/ESUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/line/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1384-89-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections