Malware-Traffic-Analysis.net - 2020-01-16 - Lokibot malspam and infection traffic

2020-01-16 - LOKIBOT MALSPAM AND INFECTION TRAFFIC

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

2020-01-16-Lokibot-infection-traffic.pcap.zip 12 kB (12,148 bytes)

2020-01-16-Lokibot-infection-traffic.pcap (41,496 bytes)

2020-01-16-Lokibot-malspam-malware-and-IOCs.zip 606 kB (606,348 bytes)

2020-01-16-Lokibot-EXE-file.bin (488,448 bytes)

2020-01-16-Lokibot-infection-IOCs.txt (963 bytes)

2020-01-16-RAR-archive-attached-to-Lokibot-malspam.bin (195,964 bytes)

2020-01-16-Windows-registry-entry-for-Lokibot.txt (1,084 bytes)

2020-01-16-malspam-pushing-Lokibot.eml (278,082 bytes)

IMAGES

Shown above: Screenshot of the malspam.

Shown above: Attached RAR archive and extracted Windows executable file for Lokibot.

Shown above: Traffic from the infection filtered in Wireshark.

Shown above: TCP stream from callback traffic caused by Lokibot.

Click here to return to the main page.