ExecuteMalware

2021-08-12 Lokibot IOCs

Aug 12th, 2021 (edited)
THREAT IDENTIFICATION: LOKIBOT

SUBJECTS OBSERVED
Richiesta di quotazione

SENDERS OBSERVED
caterina.ciambrone@alteaenergia.com

MALDOC FILE HASHES
Richiesta di quotazione.gz
6ea1f325962183bb76eb910bba5d8083

LOKIBOT PAYLOAD FILE HASHES
ConsoleApp2.exe
329693bf1fce73c334b98dedce191db1

Renamed and copied to AppData\Roaming\17E4D9
97071E.exe
329693bf1fce73c334b98dedce191db1

LOKIBOT C2
http://avatar.ps/modules/five/fre.php

C2 PACKET CONTENTS
LOKIBOT C2 PACKET
POST /modules/five/fre.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: avatar.ps
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: DA6FF4FE
Content-Length: 149
Connection: close

HTTP/1.1 200 OK
Date: Thu, 12 Aug 2021 20:54:09 GMT
Server: Apache
Upgrade: h2,h2c
Connection: Upgrade, close
Content-Length: 23
Content-Type: text/html; charset=UTF-8

........File not found.

SUPPORTING EVIDENCE
https://www.virustotal.com/gui/file/9b83e59783b63981f9f85b2939e038531deb96457d91d5d8debc93f396a15272/detection
