Overview

overview

10

Static

static

10

2964-110-0...ry.exe

windows7-x64

1

2964-110-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2964-110-0x0000000000400000-0x0000000001462000-memory.dmp

  • Size

    16.4MB

  • MD5

    befb109c256f7301c509ecd811219f98

  • SHA1

    5be07f7f15803c3680179b680728d6005d707a28

  • SHA256

    9c5d26e8dbcc83e4ac85dd37d9fdfe54a82e17094b84913ef1c8cbcbb025b14b

  • SHA512

    ce1114caac6d2d951c7a85b2f3e1bc19b2de71cd2fc2a1a072cc4814ec952a9dd6d48aa6f70bdf78019900cedc2abd5a454aef623bdfd8d30145cb0fc703265a

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqzIzmd:nSHIG6mQwGmfOQd8YhY0/E2UG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/ksize/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2964-110-0x0000000000400000-0x0000000001462000-memory.dmp
    .exe windows x86


    Headers

    Sections