Overview

overview

10

Static

static

10

2524-23-0x...ry.exe

windows7-x64

1

2524-23-0x...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    2524-23-0x0000000000400000-0x00000000004F6000-memory.dmp

  • Size

    984KB

  • MD5

    936794f38fddca09e8697237915d4707

  • SHA1

    f3c409f305f2747c786123965b8f28cf9d62e9a6

  • SHA256

    420b06d4b2c5c1b2ae990511e9469879737b6031b4b2917a439be1e43a5107ee

  • SHA512

    f462ed0ce1aef22a0c6f1b7b5a6f70bcca862863161d1a2425e1d17fc40446a57ed10b86c70a7181ea8580739b1e3929dc05003459e808c59959af05cf5965fb

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqSIzmdnU1dNQkJ0eAoCUxswB:nSHIG6mQwGmfOQd8YhY0/ETUGS6+B7

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/a14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2524-23-0x0000000000400000-0x00000000004F6000-memory.dmp
    .exe windows:5 windows x86


    Headers

    Sections