Overview

overview

10

Static

static

10

1692-956-0...ry.exe

windows7-x64

1

1692-956-0...ry.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    1692-956-0x0000000000400000-0x00000000004A2000-memory.dmp

  • Size

    648KB

  • MD5

    cd1624dc6a63a56ef7e82c9f912e8d4d

  • SHA1

    d62b341196f43141358c6808ee609243c3318d21

  • SHA256

    8b3a93faebaa992b59981ac4caf926ad63c3c64b236300f43a510099454f2420

  • SHA512

    7811a8485b1f74c96eae1afbcda115c4fbf62e53b3bbdecaed5fb28df3b39b0c45ba048587ff52e3103798848105692ea2b24a926064ee91d9772a90a93b4eaa

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/Eq+Izmd:nSHIG6mQwGmfOQd8YhY0/E7UG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://139.99.153.82/pp/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1692-956-0x0000000000400000-0x00000000004A2000-memory.dmp
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections