lokibot | d02bbcafacaa47e47160ad945fadd830_JaffaCakes118 | Triage

Sharing

General

Target

d02bbcafacaa47e47160ad945fadd830_JaffaCakes118
Size

104KB
MD5

d02bbcafacaa47e47160ad945fadd830
SHA1

65b4098f104c8d2ff0ca6c429f68891e7bce06a9
SHA256

f330a0bbd159a1ea97b058863b0584166acb725e83df47b13e359777d26c3c59
SHA512

d94d815a9c14e0907095c07376401049802297cd0a9ac643003583b5bf2ddd354927b87f73842f5b95ac1010fefc56c674768e70dfa488e95a3f2b3bb84b71b6
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

C2

http://emet-lmpex.com/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot family
lokibot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d02bbcafacaa47e47160ad945fadd830_JaffaCakes118

Files

d02bbcafacaa47e47160ad945fadd830_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0239fd611af3d0e9b0c46c5837c80e09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

getaddrinfo
freeaddrinfo
closesocket
WSAStartup
socket
send
recv
connect

kernel32

GetProcessHeap
HeapFree
HeapAlloc
SetLastError
GetLastError

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 535KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.x
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE