2020-06-15 - LOKIBOT INFECTION

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Screenshot of the Word doc used to generate this infection traffic.

 


Shown above:  Lokibot EXE initially saved to the victim Windows host.

 


Shown above:  Copy of Lokibot EXE under the AppData\Roaming directory.

 


Shown above:  Lokibot persistent on the infected Windows host.

 


Shown above:  Registry update to keep Lokibot persistent on the infected host.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  TCP stream of victim host retrieving Lokibot EXE.

 


Shown above:  Start of initial TCP stream with the Lokibot post-infection traffic.

 
