Overview

overview

10

Static

static

10

2012-955-0...ry.exe

windows7-x64

1

2012-955-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2012-955-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    9a290cefe10b1778b194a73585c85065

  • SHA1

    0fe38e234c4138ff8a2c837b99f55edeaed05a21

  • SHA256

    a1b242cecdc918f1fdcb15702cd035e2e8eb4a8fc2b346fd06925e15bacc4693

  • SHA512

    824984b6f91dde7115e8c6e7b2c6439f1feffe38c4c9df47fcfedcef0fa7b073220ca996b91d9b6cd18d66b214f5fdc44b4914260ac2bfad56f82b85b6c0ddeb

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqCIzmd:nSHIG6mQwGmfOQd8YhY0/EfUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://139.99.153.82/pp/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2012-955-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections