General
-
Target
688-17-0x0000000000400000-0x00000000004A2000-memory.dmp
-
Size
648KB
-
MD5
3388cceb8c3a10ebb87717aaa46d07ec
-
SHA1
32de176764135fa294b99c71615ff6278c966698
-
SHA256
ec26cf95ca99462312d9ea50bb742d77582e42a80bf0737e7672e1d1bd30da36
-
SHA512
f17004f07342d13e767037ec3cc72502aa05080f957afed244c74e46d3191552974a4d75113583ce4b93675e5d27994afb537f74bc58852d3b7c7ea06e81f971
-
SSDEEP
1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score
10/10
Malware Config
Extracted
Family
lokibot
C2
https://miners-gold.com/deddd/lokinew/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
-
Lokibot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
688-17-0x0000000000400000-0x00000000004A2000-memory.dmp
Headers
Sections