Overview

overview

10

Static

static

10

2988-20-0x...ry.exe

windows7-x64

1

2988-20-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2988-20-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    1dbd9853d0e075def5fc9cb412d0e8c8

  • SHA1

    ea92bf7f9dc46ffde7aa841a23b01e54d24cd877

  • SHA256

    2655b31e8d1346c16674fedcabfb4fa6db18ba1ab544de85aacb6a3e3c4a32c1

  • SHA512

    3556e6d1ed37d615e12248f9639cf8bcd3d432ea44edce57d0c735bb8cfff4c113ce4233f4eb40541ff450c5323e88341a1a2c6e086d302157681ccfbddf13ee

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://163.123.143.202/_errorpages/size/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2988-20-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections