General
-
Target
1312-68-0x0000000000400000-0x000000000052A000-memory.dmp
-
Size
1.2MB
-
MD5
f60e3f6bf45f4fee7576419d62be6a0a
-
SHA1
201e4bceafb963b8db349166fc7023acabc945c3
-
SHA256
802d5e35f1c3c7abac4c71a91d1ab8868563431e63dbe7e3e300c2aa013ac385
-
SHA512
7263947f0caaab8ae68a7dca6e512b1accb60e407b0f96fcd95a3793c1de0a3ebdf2b0f579cdb0856bc714f5aa6979a93f83224003b948c43cb4c65e7e2df8fc
-
SSDEEP
6144:ncd6bUfFdXTXUIzYmbbbbbbbbH77777777rZAoJa:nwPXQOjbbbbbbbbH77777777rioJ
Score
10/10
Malware Config
Extracted
Family
lokibot
C2
http://matbin.com/doc/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Signatures
-
Lokibot family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1312-68-0x0000000000400000-0x000000000052A000-memory.dmp
Headers
Sections