2017-06-12 - LOKIBOT INFECTION

NOTICE:

ASSOCIATED FILES:

  • 2017-06-12-Lokibot-infection-traffic.pcap   (9,334 bytes)
  • 2017-06-12-Lokibot-malspam-0137-UTC.eml   (213,873 bytes)
  • PO12062017.ace   (157,430 bytes)
  • PO12062017.exe   (327,680 bytes)

 

NOTES:

 

EMAILS


Shown above:  Screen shot from the email.

 

EMAIL HEADERS:

 


Shown above:  Malicious executable in ACE archive from the malspam.

 

TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

 

ASSOCIATED DOMAINS:

 

FILE HASHES

ACE ARCHIVE FROM THE EMAIL:

MALICIOUS BINARY EXTRACTED FROM THE ACE ARCHIVE (LOKI BOT):

ADDITIONAL FILE NOTED ON THE INFECTED HOST:

 

IMAGES


Shown above:  Updated Windows registry with the same file as last time.

 

Click here to return to the main page.