Friday, April 27, 2018

Details of Lokibot - Malspam

#Lokibot #malspam
new stub.exe
https://www.virustotal.com/#/file/c57d35326f21f5e5453cee9075a8923a157c60de2935b28de8765c266289f3f9/community
dumped #lokibot
https://www.virustotal.com/#/file/80945428e65ed1a75597a0855e02d04bf721ec9ee74eeec6ca8908ec00d98995/detection
Dropped
sha256 C:\Users\admin\AppData\Roaming\F63AAA\A71D80.exe 4878c77955611f9641100aae97867c5d3bd4183aa8ddf4b45ca453990f5f51fa 

IOC details:

 Connections
Malicious IP address: 91.234.99(.)171
Malicious url hxxp://dealinproces(.)com/doll/Panel/five/fre.php
post by
newWorld
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Operating system - Part 1:

 In our blog, we published several articles on OS concepts which mostly on the perspective for malware analysis/security research. In few in...