- #Lokibot #Malware
- -----------------------------------
- 15-06-2018 IOCs
- -----------------------------------
- Main object- "loki.exe"
- url http://redsseammgt.com/press/loki.exe
- sha256 1f128ae91227aa9102f04fc96b596b63728d5ff6b20e87acca89f10247278dcd
- sha1 de0216228ecca60102982e115c0ba7755004b5f8
- md5 e535d7e5a4112b50bb26df4e0f75fb98
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\subfolder\filename.exe 7398b288c6dd32fe9f9fac42113e55d9ed1f0a8480d64c227df0f562433476d7
- DNS requests
- domain baobabtreeevent.com
- Connections
- ip 45.122.138.6
- HTTP/HTTPS requests
- url http://baobabtreeevent.com/lbejulekki/fre.php
- -------------------------------------
- Main object- "gboygaloki.exe"
- url http://redsseammgt.com/gboyega/gboygaloki.exe
- sha256 70c1105616f0a0490308cdaf270376de211990ae2e5f041b496a6c3451ab04cd
- sha1 4090cd10d015bc6c03de0f6edf7f2ac746595908
- md5 753d8faf25d34b477050813685218619
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\subfolder\filename.exe 0c6a310c22e8d4c6be17e5e9c58f7ca480d342ee1b7629635776d23f15aff110
- DNS requests
- domain anchormarineqroup.com
- Connections
- ip 45.122.138.6
- HTTP/HTTPS requests
- url http://anchormarineqroup.com/loki4/fre.php
- --------------------------------------
- Main object- "lokisolda.exe"
- url http://redsseammgt.com/soldier/lokisolda.exe
- sha256 f1cd3af375430654bf5d4db067678e733dae49b8ec628c77032f4de382d23c38
- sha1 1c56a88bb02eb6198e5c890193caf0ac2d204221
- md5 0f0f5e1d5ffe3e69d54bf7f444ca2566
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\subfolder\filename.exe 2c95a0d5cc1e816e31e7f1398d2a3331b3b4e0a9d887c89185cb80c6edd725f8
- DNS requests
- domain anchormarineqroup.com
- Connections
- ip 45.122.138.6
- HTTP/HTTPS requests
- url http://anchormarineqroup.com/loki5/fre.php
- --------------------------------------
- Main object- "chi.exe"
- url http://redsseammgt.com/chidera/chi.exe
- sha256 46add591845b2a82b6130a9d5d8c2da528d605096f50cffcfb70199255a077e8
- sha1 385e9182423ea1f58e9737eacdc3419fdc3423c0
- md5 f173bb5ee88c4890f6e6f3ac7ae9ea31
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\subfolder\filename.exe b72649984b6e0bbfe5bab42cd45c5f988cec5900a0b6b2156757c0882819f22d
- DNS requests
- domain xanthis-gr.com
- Connections
- ip 45.122.138.116
- ip 2.16.186.120
- ip 104.89.34.252
- ip 2.16.186.97
- HTTP/HTTPS requests
- url http://xanthis-gr.com/loki4/fre.php
- ---------------------------------------
- Main object- "SCAN.exe"
- url http://llumar.moscow/administrator/XG/SCAN.exe
- sha256 93b1d159ba26c81d52af9d66a575489635fa3388377a0f85aa236c53dbbabeac
- sha1 33ce196889875164f550d1af168967293adeacfe
- md5 c374d53598b0ced7ebf0e28e73e1bb14
- DNS requests
- domain ipm-com.tk
- Connections
- ip 195.20.41.61
- HTTP/HTTPS requests
- url http://ipm-com.tk/flop/beez/fre.php