Overview

overview

10

Static

static

10

2904-38-0x...ry.exe

windows7-x64

1

2904-38-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2904-38-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    8431437211d9489977acea5dc24a4d8f

  • SHA1

    3e120470c5ce3bceb0e9cd65c63060451ead928a

  • SHA256

    df77718f951140fa3cd0279be5b9bb8b524a379a332003862ec6ef961426731e

  • SHA512

    e1750cb7642b16525d2930be43424572eeed429626c7e2105f1896ccdd3ef898912b2419c8b032a4a530031a4cc07f0f1f682ef3e314b46d626893e87afe1990

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/a16/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2904-38-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows:5 windows x86


    Headers

    Sections