Overview

overview

10

Static

static

10

2748-1222-...ry.exe

windows7-x64

1

2748-1222-...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2748-1222-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    da77a8b47c0c3ac0e589135a7062f6df

  • SHA1

    fca189346036a0c2cc81fdeaef8e08d9cc54661f

  • SHA256

    0a29d76302939cee2d5d4cd99268e002b9294efd3ebd0c5377adf7072f16a9c1

  • SHA512

    919b4c002a922fc4c5e20b4bc2f2dda967413fa83b162d3920be3939486c412ab7f24e0affcf8c1560c2b3b4953954b36aaead9f47fa4d06292857fa2b885776

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqhIzmd:nSHIG6mQwGmfOQd8YhY0/EAUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://79.110.48.215/thirdugo/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2748-1222-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections