lokibot | b7d5f6e1396cc796d0067a5014c6909d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b7d5f6e1396cc796d0067a5014c6909d_JaffaCakes118
Size

3.8MB
MD5

b7d5f6e1396cc796d0067a5014c6909d
SHA1

9bcdd0663503e9d8b195a08496aa7922409ddb4b
SHA256

1e4bdcae748d01b78e7f8720ab1eca3658bf599af0b0e7cd6ba7e93a6f464208
SHA512

4389eed3d5a728d71071caaa5d28b880a53283a4f01c1c1661840bca928e2d49c879e41f543433445d2491b21385e44f5d23483e0c24d38902657f7cc10361eb
SSDEEP

24576:pqSZV+CHLZlTFGX5nZ5/wXodwXxJ0lft1Rx2Cg//DPpNGDjvvZV+CHLZlTFGXdQS:xZQnMLN+ZWnI

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

http://lbtem.flu.cc/ml/vrs/tmbr2/lok/panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot family
lokibot

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/pe_1fa9cf6d0b85cd9981c4b5d24d74fcf7
unpack001/pe_2c2ed389e4f3bed8e1378741b5b21dc4

Files

b7d5f6e1396cc796d0067a5014c6909d_JaffaCakes118
.tar
hashes_x86.json
mem_8d5dd195ee957fe084f462c91dcefa25
pe_1fa9cf6d0b85cd9981c4b5d24d74fcf7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pe_2c2ed389e4f3bed8e1378741b5b21dc4
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
section_571371416003b3c20b34bc8cef986dff
section_74fe8b293f2c1be0cecaa486eefecf81
section_7870ecd7ece9c03ab20f22234e8bb827
section_a61d3e4870d5f9ca8472b6c16412383b
section_fb8995153fdc091d70aad649654202be
snapshot_0_32.json
snapshot_1_32.json

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 535KB

.x Size: 8KB - Virtual size: 8KB