General

  • Target

    1444-146-0x0000000000400000-0x000000000062B000-memory.dmp

  • Size

    2.2MB

  • MD5

    2de9352d1fc20171fff340a52e8f1a53

  • SHA1

    c61695bfebe3535b1f0b67509c0cca817bf5bbbd

  • SHA256

    82b482145be2d419454d1bdba47c01f9b4e3eb90c1f51d29c4d4f2de386877d7

  • SHA512

    abfad605a3ccf5cd252f6811ec1096fa9b37c5b5a6bc950f634e71bf2d705fbc789867db96ae8fb6315586ac37febdca7e29727bf1f98659d3d26272b55bcac0

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqjIzmd:nSHIG6mQwGmfOQd8YhY0/ESUG

Score
10/10

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/chang3/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1444-146-0x0000000000400000-0x000000000062B000-memory.dmp
    .exe windows:5 windows x86 arch:x86

