2020-06-15 - LOKIBOT INFECTION

ASSOCIATED FILES:

• 2020-06-15-Lokibot-IOCs.txt.zip   0.8 kB (800 bytes)
• 2020-06-15-Lokibot-infection-traffic.pcap.zip   236 kB (236,138 bytes)
• 2020-06-15-Lokibot-malware-and-artifacts.zip   375 kB (375,067 bytes)

NOTES:

• All zip archives on this site are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Screenshot of the Word doc used to generate this infection traffic.

 

Shown above:  Lokibot EXE initially saved to the victim Windows host.

 

Shown above:  Copy of Lokibot EXE under the AppData\Roaming directory.

 

Shown above:  Lokibot persistent on the infected Windows host.

 

Shown above:  Registry update to keep Lokibot persistent on the infected host.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  TCP stream of victim host retreiving Lokibot EXE.

 

Shown above:  Start of initial TCP stream with the Lokibot post-infection traffic.

 

Click here to return to the main page.