A Deep Dive into Lokibot Infection Chain
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 48171586-ef37-4ae7-ae0e-a4e0112ff95f |
| Fingerprint | 8e75151128ba468f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 6, 2021, 9 a.m. |
| Added to db | Sept. 11, 2022, 12:38 p.m. |
| Last updated | Nov. 17, 2024, 5:58 p.m. |
| Headline | Vulnerability Information |
| Title | A Deep Dive into Lokibot Infection Chain |
| Detected Hints/Tags/Attributes | 59/3/22 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 41 | discord.com |
|
| Details | Domain | 904 | snort.org |
|
| Details | Domain | 2 | millsmiltinon.com |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1 | mhex.url |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 1 | c:\users\public\cde.bat |
|
| Details | File | 1 | c:\users\public\x.bat |
|
| Details | File | 1 | c:\users\public\x.vbs |
|
| Details | File | 1 | c:\users\public\natso.bat |
|
| Details | File | 1 | natso.bat |
|
| Details | File | 1 | nasto.bat |
|
| Details | File | 62 | fodhelper.exe |
|
| Details | File | 1 | xehmigm.exe |
|
| Details | sha256 | 1 | d5a68a111c359a22965206e7ac7d602d92789dd1aa3f0e0c8d89412fc84e24a5 |
|
| Details | sha256 | 1 | 6b53ba14172f0094a00edfef96887aab01e8b1c49bdc6b1f34d7f2e32f88d172 |
|
| Details | sha256 | 1 | b36d914ae8e43c6001483dfc206b08dd1b0fbc5299082ea2fba154df35e7d649 |
|
| Details | sha256 | 1 | 93ec3c23149c3d5245adf5d8a38c85e32cda24e23f8c4df2e19e1423739908b7 |
|
| Details | sha256 | 1 | 21e23350b05a4b84cdf5c93044d780558e6baf81b2148fdda4583930ab7cb836 |
|
| Details | sha256 | 1 | c9038e31f798119d9e93e7eafbdd3e0f215e24ee2200fcd2a3ba460d549894ab |
|
| Details | Url | 7 | https://discord.com |
|
| Details | Url | 1 | http://millsmiltinon.com/ojhyhkfkmofwendkfptktnbjgmfkgtdeitobregvdgetyhsk/xehmigm.exe |