- #Lokibot #Banker #Malware
- -----------------------------------
- 20-06-2018 IOCs
- -----------------------------------
- Main object- "PO.exe"
- sha256 424a07585c038c6ff65f9a7e1b9542792355581c6a55d51b5673c44ffb3e6943
- sha1 43fb8839d9b40773dd62baa3c4b4a1218b43ea08
- md5 be308614407f41e935ac70166a90473d
- DNS requests
- domain paylesssignandprinters.ca
- Connections
- ip 69.90.161.175
- ip 2.16.186.120
- ip 23.211.9.92
- ip 2.16.186.97
- HTTP/HTTPS requests
- url http://paylesssignandprinters.ca/dede/panel/fre.php
- -----------------------------------
- Main object- "payment.exe"
- url http://www.mimicbngovy.ru/aristotle/payment.exe
- sha256 1466b8e3c1defeb4e705fee6fed6bc4f671ba9dcb4d3f074ecfa46540d04b3dc
- sha1 edc7c8c00dfc213c29333b7cd55ffc578b03fa56
- md5 8e8ec0fff8505fb84ef2fe39adafb08d
- Dropped executable file
- sha256 C:\Users\admin\AppData\Local\Temp\nszAE01.tmp\System.dll fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- DNS requests
- domain whopetithelp.ru
- Connections
- ip 185.6.242.251
- ip 2.16.186.120
- ip 23.211.9.92
- HTTP/HTTPS requests
- url http://whopetithelp.ru/crystal/fre.php
- -------------------------------------