Overview

overview

10

Static

static

10

220-1090-0...ry.exe

windows7-x64

1

220-1090-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    220-1090-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    e458c7bb0d393ae137c4681785e4ff74

  • SHA1

    cf62e8c30f8eadc2455b5f7cb95b29d4edea852f

  • SHA256

    7a89ce9c49b63824a7462ddf629df3076b6f2a1e373c9e8e541f5cced1b05ffa

  • SHA512

    a88fdb6f725e7921199ab20c1fa87beb5652c31dbfe27488c078644a631d113ee8771b87f498d0fc08d7efc6d42c7db83b7109e67cd170c1281e6c07b9e05e80

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqJIzmd:nSHIG6mQwGmfOQd8YhY0/EQUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://194.55.224.10/collins/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 220-1090-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections