lokibot | 6b51938a3e6755bbbe2e7f6e864dce65002a858c3d9cb4a660630389b9eb9c86

General

Target

6b51938a3e6755bbbe2e7f6e864dce65002a858c3d9cb4a660630389b9eb9c86
Size

51KB
MD5

522230508919c896a3fdd533a4a6156b
SHA1

a1499b2d1bbbeb257a82d13d460b7ffde690c3c9
SHA256

6b51938a3e6755bbbe2e7f6e864dce65002a858c3d9cb4a660630389b9eb9c86
SHA512

88c8de470750b7c8523057a2e0db94b6814876dabeaf2cceff01c186e07991209c281213b1a2835c1c602672c0313b34d14fa71bc6c4f62a1bbbd42987f8442e
SSDEEP

768:xdY/AWKFGEcZneb5r/KbdmwW93CJY8q4/Jofkdj0cHXmh9RmxnrZComRYJzV:LYo1gTneb5r/+dmD9W5Jof2zHXkCxNR

Score

10^/10

lokibot

Family

lokibot

C2

http://104.248.205.66/index.php/17008709

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6914cfc39719a58e5d2757e6413590189f8ccd7e6183f45f794931be7638802d.exe

6b51938a3e6755bbbe2e7f6e864dce65002a858c3d9cb4a660630389b9eb9c86
.zip

Password: infected
6914cfc39719a58e5d2757e6413590189f8ccd7e6183f45f794931be7638802d.exe
.exe windows:5 windows x86 arch:x86

0239fd611af3d0e9b0c46c5837c80e09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getaddrinfo
freeaddrinfo
closesocket
WSAStartup
socket
send
recv
connect

kernel32

GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE