Overview

overview

10

Static

static

10

816-81-0x0...ry.exe

windows7-x64

1

816-81-0x0...ry.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    816-81-0x0000000000400000-0x0000000000615000-memory.dmp

  • Size

    2.1MB

  • MD5

    f3e7c28a2e2059e3a4083dc1b7917c57

  • SHA1

    eeb945a7e275042a9f08d1f05520e53ba2a97fb1

  • SHA256

    bb9d28e58b05a340967a0bc21d51223e233694c1120251e1823b47e4b3c3d64a

  • SHA512

    ff328f9e33acfcc0a58e76dc68549884fda15a5ab6566d6a7c5f1f83159ccbb39e188afa90ab00ed6a34b85d4001c641c40ed9771c653ac86052ffe1e61184c2

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/Eq6Izmd:nSHIG6mQwGmfOQd8YhY0/EfUG

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=2123672169

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
    lokibot
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 816-81-0x0000000000400000-0x0000000000615000-memory.dmp
    .exe windows:5 windows x86 arch:x86


    Headers

    Sections