
#Lokibot_011018

VRad, Oct 1st, 2018 (edited)
#IOC #OptiData #VR #Lokibot #ACE #SCR

https://pastebin.com/AVWK3XsB
https://radetskiy.wordpress.com/?s=Lokibot

email_headers
--------------
Received: from uk1.securemaster.net (unknown [109.203.117.220]) by mailsrv.victim.com with smtp
        Mon, 01 Oct 2018 13:09:14 +0300
Received: from [127.0.0.1] (port=53455 helo=uk1.securemaster.net)
    by uk1.securemaster.net with esmtpa (Exim 4.91)
    (envelope-from <trackingmail@dhl.com>)
    id 1g6v1h-0000co-CM; Mon, 01 Oct 2018 17:02:05 +0700
Date: Mon, 01 Oct 2018 17:02:05 +0700
From: DHL EXPRESS <trackingmail@dhl.com>
To: user1@victim.com:;
Subject: DHL eDelivery: DHL/AWB1434XXXX66 (REMINDER)
X-Sender: trackingmail@dhl.com
User-Agent: Roundcube Webmail/1.3.3


files
--------------
SHA-256 a070f08beb1ff29239324dac17e5a3b2fe09b0e3a9f904c11ecc5b47239b1919
File name   DHL BILL OF LADING SHIPPING DELIVERY INVOICE.ace
File size   283.49 KB

SHA-256 75317d3f83d1892cac8844f1dfc0ab965d949d8b156e64f292c9028e01a3ec40
File name   DHL BILL OF LADING SHIPPING DELIVERY INVOICE.scr
File size   575 KB

activity
**************

proc
--------------

netwrk
--------------
45.122.138.6    lltagrain.com   POST /kelle/fre.php HTTP/1.0    Mozilla/4.08 (Charon; Inferno)

comp
--------------
DHL BILL OF LADING SHIPPING DELIVERY INVOICE.scr    2448    45.122.138.6    80 ESTABLISHED
[System Process]    0   45.122.138.6    80  TIME_WAIT

persist
--------------
no

# # #
https://www.virustotal.com/#/file/a070f08beb1ff29239324dac17e5a3b2fe09b0e3a9f904c11ecc5b47239b1919/detection
https://www.virustotal.com/#/file/75317d3f83d1892cac8844f1dfc0ab965d949d8b156e64f292c9028e01a3ec40/detection
https://analyze.intezer.com/#/analyses/fa5c33aa-461c-4903-a3fd-af7b6b9eb4d7