Overview

overview

10

Static

static

10

4908-1089-...ry.exe

windows7-x64

1

4908-1089-...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    4908-1089-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    aa9a51d843ca36e215865958eff81d1e

  • SHA1

    2d29659b0924345584c8158518b877b238b34f61

  • SHA256

    2ab452247ed6e46095711db9584dc52298660eb9bf5827120f59b6a03d19f6a7

  • SHA512

    e78d43fb6d2feb8b46eb8b769867f89b0436b3db43c099c1e060aa6aec6b87ac07c2a8b061f78aa57282a2ea48ee6599a264822405854dc21158c456ef934e31

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqmIzmd:nSHIG6mQwGmfOQd8YhY0/E7UG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://163.123.143.202/_errorpages/collins/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4908-1089-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows x86


    Headers

    Sections