Overview

overview

10

Static

static

10

2052-75-0x...ry.exe

windows7-x64

1

2052-75-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2052-75-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    70b10d8f4297d24085e780a119a9761b

  • SHA1

    672f9ae8118a80793d602e85992ee3afbc85e598

  • SHA256

    ad6b1df73068390672e675c1798cdc65d40b4ed7d52b5940408d9759ea9ed8dc

  • SHA512

    dcba18163616ec1cac0be60c09c637657e700cd0904038f6164ce7def1cffd0f51d09d2d66e4f2824eb21a319f6883a67cb9a591eb22a4c87b8df45e26ab8207

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://216.128.145.196/~wellseconds/?p=65575353786827

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2052-75-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections