Overview

overview

10

Static

static

10

1480-1149-...ry.exe

windows7-x64

1

1480-1149-...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1480-1149-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    a0309b75d28106fa6e044fe4c16a2605

  • SHA1

    2a5eb4920e9622f6fc7ee5f3810a799089190700

  • SHA256

    cb4e4bbf972984d301f1b235d8c735cf06971f61dd9f63e8c5d0b59b75558b34

  • SHA512

    941e08a5fb420663dbc90a6f2423e7126cd43d9d9602440a451d96438edf848f1183a2025cd53f6a1057b91c4ceea577d1452b89f771578b9e1bccfed1a8ba3c

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqFIzmd:nSHIG6mQwGmfOQd8YhY0/EYUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://2.59.254.19/noko/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1480-1149-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections