lokibot | 1f20ca87e679bfd51e01bba9e5dd849d_JaffaCakes118 | Triage

Sharing

General

Target

1f20ca87e679bfd51e01bba9e5dd849d_JaffaCakes118
Size

854KB
MD5

1f20ca87e679bfd51e01bba9e5dd849d
SHA1

ed93c13502544a2875764ec481f3f8cbda91d7a7
SHA256

de6cdcb42eecc44262e86add137facf0765ab21e8130e4e6230ea9c53e1429ce
SHA512

4571dcdbd379bfd34c20dc0526c6b2e28cc1f1ba9ece2b7e48e7e1b04cc8858d6732fc8009101d9d9de2bb0ad3159417e51835e21c1c1f8a7ce5b28a9cf56786
SSDEEP

24576:z7kgagASQnu9fHHZwvK7gMFIKt8jQvMIUunwXK2:zkSQupZwvK8MFLt8jQvfwv

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

C2

http://dunysaki.ru/buch-x5/fred.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot family
lokibot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1f20ca87e679bfd51e01bba9e5dd849d_JaffaCakes118

Files

1f20ca87e679bfd51e01bba9e5dd849d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 390KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ