Overview

overview

10

Static

static

10

2580-68-0x...ry.exe

windows7-x64

1

2580-68-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2580-68-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    081c24055da0cecbe329c23e174eb228

  • SHA1

    53b67b1ec4cc4c2cf7bb6a466fdfee29cf560d66

  • SHA256

    5d55c5cfdbad30e613b85a3fb70bc79f17b976e4cf91f05ae6fdd897e6433d32

  • SHA512

    e9a04c8d52ce83584717993414a3d88c6c007e42e9023874edd650b4e6ef125d821376125d33303fd5b1c6047fd031f455ee77b2ba21361098c4433674b75b4b

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://216.128.145.196/~wellseconds/?p=751665478463158

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2580-68-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections