download: | Invoice.exe |
Full analysis: | https://app.any.run/tasks/c971fc18-5ce9-44d2-b21a-54209499f079 |
Verdict: | Malicious activity |
Threats: | LokiBot was developed in 2015 to steal information from a variety of applications. Despite the age, this malware is still rather popular among cybercriminals. |
Analysis date: | June 12, 2019, 08:55:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5: | E69BD345A00CBE7040E90374249662C8 |
SHA1: | 0E3B26126C68C2EC4C8284A309559A2C3A4CC093 |
SHA256: | 189325CDF16ED29CDACD0F3C83795F6A6C231FCD3C425D419748AA7ED6C54D44 |
SSDEEP: | 12288:NkfS1yoGHHWOxDrsuElEQZWPcb3vPILS8L4mNRJViQKKQmpRAIRAo:NaKyVHbsuEGQMPckL8aiQNYXo |
.exe | | | UPX compressed Win32 Executable (42.1) |
---|---|---|
.exe | | | Win32 EXE Yoda's Crypter (41.3) |
.exe | | | Win32 Executable (generic) (7) |
.exe | | | Win16/32 Executable Delphi generic (3.2) |
.exe | | | Generic Win/DOS Executable (3.1) |
ProductVersion: | 1.2 |
---|---|
ProductName: | ByteFence |
LegalCopyright: | Copyright Byte Technologies LLC. |
FileVersion: | 1.2 |
FileDescription: | ByteFence Real-time Protection Service |
CompanyName: | Byte Technologies LLC. |
CharacterSet: | Unicode |
LanguageCode: | English (U.S.) |
FileSubtype: | - |
ObjectFileType: | Executable application |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x003f |
ProductVersionNumber: | 1.2.0.0 |
FileVersionNumber: | 1.2.0.0 |
Subsystem: | Windows GUI |
SubsystemVersion: | 4 |
ImageVersion: | - |
OSVersion: | 4 |
EntryPoint: | 0x173cb0 |
UninitializedDataSize: | 884736 |
InitializedDataSize: | 73728 |
CodeSize: | 634880 |
LinkerVersion: | 2.25 |
PEType: | PE32 |
TimeStamp: | 1992:06:20 00:22:17+02:00 |
MachineType: | Intel 386 or later, and compatibles |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 19-Jun-1992 22:22:17 |
Detected languages: |
|
CompanyName: | Byte Technologies LLC. |
FileDescription: | ByteFence Real-time Protection Service |
FileVersion: | 1.2 |
LegalCopyright: | Copyright Byte Technologies LLC. |
ProductName: | ByteFence |
ProductVersion: | 1.2 |
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0050 |
Pages in file: | 0x0002 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x000F |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x001A |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000100 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 3 |
Time date stamp: | 19-Jun-1992 22:22:17 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Charateristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x000D8000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
UPX1 | 0x000D9000 | 0x0009B000 | 0x0009B000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.95098 |
.rsrc | 0x00174000 | 0x00012000 | 0x00011C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.09739 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 1.95059 | 1324 | Latin 1 / Western European | English - United States | RT_VERSION |
2 | 6.87811 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
3 | 6.52358 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
4 | 6.9551 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
5 | 6.85127 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
6 | 6.85604 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
7 | 7.21646 | 308 | Latin 1 / Western European | UNKNOWN | RT_CURSOR |
50 | 5.13682 | 67624 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4079 | 4.30037 | 332 | Latin 1 / Western European | UNKNOWN | RT_STRING |
4080 | 2.49712 | 996 | Latin 1 / Western European | UNKNOWN | RT_STRING |
KERNEL32.DLL |
advapi32.dll |
comctl32.dll |
comdlg32.dll |
gdi32.dll |
ole32.dll |
oleaut32.dll |
user32.dll |
version.dll |
winmm.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3104 | "C:\Users\admin\AppData\Local\Temp\Invoice.exe" | C:\Users\admin\AppData\Local\Temp\Invoice.exe | explorer.exe | |
User: admin Company: Byte Technologies LLC. Integrity Level: MEDIUM Description: ByteFence Real-time Protection Service Exit code: 0 Version: 1.2 | ||||
4092 | C:\Users\admin\AppData\Local\Temp\jyelew.exe | C:\Users\admin\AppData\Local\Temp\jyelew.exe | — | Invoice.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
2872 | Notepad.exe | C:\Windows\system32\Notepad.exe | jyelew.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2228 | "C:\Windows\system32\Notepad.exe" | C:\Windows\system32\Notepad.exe | Notepad.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2996 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | explorer.exe | |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 65.0.2 | ||||
3776 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.0.1475941362\442987495" -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\admin\AppData\LocalLow\Mozilla\Temp-{ce348e4c-7d33-445e-89f9-60108c51bcaf}" 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 1120 gpu | C:\Program Files\Mozilla Firefox\firefox.exe | — | firefox.exe |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Exit code: 1 Version: 65.0.2 | ||||
3244 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.6.1301236539\1767781394" -childID 1 -isForBrowser -prefsHandle 1232 -prefMapHandle 1728 -prefsLen 1 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 1796 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 | ||||
3660 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.13.676142767\1580668437" -childID 2 -isForBrowser -prefsHandle 2620 -prefMapHandle 2624 -prefsLen 216 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 2636 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 | ||||
3596 | "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2996.20.1456183330\2028611777" -childID 3 -isForBrowser -prefsHandle 3428 -prefMapHandle 3432 -prefsLen 5824 -prefMapSize 180950 -schedulerPrefs 0001,2 -parentBuildID 20190225143501 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2996 "\\.\pipe\gecko-crash-server-pipe.2996" 3444 tab | C:\Program Files\Mozilla Firefox\firefox.exe | firefox.exe | |
User: admin Company: Mozilla Corporation Integrity Level: LOW Description: Firefox Exit code: 0 Version: 65.0.2 | ||||
3404 | "C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/904ca120-e720-404c-a1fa-6d4d3363d9c6/health/Firefox/65.0.2/release/20190225143501?v=4 C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\saved-telemetry-pings\904ca120-e720-404c-a1fa-6d4d3363d9c6 | C:\Program Files\Mozilla Firefox\pingsender.exe | firefox.exe | |
User: admin Company: Mozilla Foundation Integrity Level: MEDIUM Exit code: 0 Version: 65.0.2 |
(PID) Process: | (2872) Notepad.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | jyelew |
Value: C:\Users\admin\AppData\Local\jyelew\jyelew.vbs | |||
(PID) Process: | (2228) Notepad.exe | Key: | HKEY_CURRENT_USER\������О�����ш������Џ����Й��я�� |
Operation: | write | Name: | F63AAA |
Value: %APPDATA%\F63AAA\A71D80.exe | |||
(PID) Process: | (2996) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2996) firefox.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 460000006E000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (3404) pingsender.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (3404) pingsender.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 460000006F000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (2420) pingsender.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings |
Operation: | write | Name: | ProxyEnable |
Value: 0 | |||
(PID) Process: | (2420) pingsender.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections |
Operation: | write | Name: | SavedLegacySettings |
Value: 4600000070000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000 | |||
(PID) Process: | (3404) pingsender.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3404) pingsender.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 |
Operation: | write | Name: | Blob |
Value: 0F000000010000001400000085FEF11B4F47FE3952F98301C9F98976FEFEE0CE09000000010000002A000000302806082B0601050507030106082B0601050507030206082B0601050507030406082B0601050507030353000000010000002500000030233021060B6086480186F8450107300130123010060A2B0601040182373C0101030200C01400000001000000140000007B5B45CFAFCECB7AFD31921A6AB6F346EB5748501D00000001000000100000005B3B67000EEB80022E42605B6B3B72400B000000010000000E000000740068006100770074006500000003000000010000001400000091C6D6EE3E8AC86384E548C299295C756C817B812000000001000000240400003082042030820308A0030201020210344ED55720D5EDEC49F42FCE37DB2B6D300D06092A864886F70D01010505003081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F74204341301E170D3036313131373030303030305A170D3336303731363233353935395A3081A9310B300906035504061302555331153013060355040A130C7468617774652C20496E632E31283026060355040B131F43657274696669636174696F6E205365727669636573204469766973696F6E31383036060355040B132F2863292032303036207468617774652C20496E632E202D20466F7220617574686F72697A656420757365206F6E6C79311F301D06035504031316746861777465205072696D61727920526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100ACA0F0FB8059D49CC7A4CF9DA159730910450C0D2C6E68F16C5B4868495937FC0B3319C2777FCC102D95341CE6EB4D09A71CD2B8C9973602B789D4245F06C0CC4494948D02626FEB5ADD118D289A5C8490107A0DBD74662F6A38A0E2D55444EB1D079F07BA6FEEE9FD4E0B29F53E84A001F19CABF81C7E89A4E8A1D871650DA3517BEEBCD222600DB95B9DDFBAFC515B0BAF98B2E92EE904E86287DE2BC8D74EC14C641EDDCF8758BA4A4FCA68071D1C9D4AC6D52F91CC7C71721CC5C067EB32FDC9925C94DA85C09BBF537D2B09F48C9D911F976A52CBDE0936A477D87B875044D53E6E2969FB3949261E09A5807B402DEBE82785C9FE61FD7EE67C971DD59D0203010001A3423040300F0603551D130101FF040530030101FF300E0603551D0F0101FF040403020106301D0603551D0E041604147B5B45CFAFCECB7AFD31921A6AB6F346EB574850300D06092A864886F70D010105050003820101007911C04BB391B6FCF0E967D40D6E45BE55E893D2CE033FEDDA25B01D57CB1E3A76A04CEC5076E864720CA4A9F1B88BD6D68784BB32E54111C077D9B3609DEB1BD5D16E4444A9A601EC55621D77B85C8E48497C9C3B5711ACAD73378E2F785C906847D96060E6FC073D222017C4F716E9C4D872F9C8737CDF162F15A93EFD6A27B6A1EB5ABA981FD5E34D640A9D13C861BAF5391C87BAB8BD7B227FF6FEAC4079E5AC106F3D8F1B79768BC437B3211884E53600EB632099B9E9FE3304BB41C8C102F94463209E81CE42D3D63F2C76D3639C59DD8FA6E10EA02E41F72E9547CFBCFD33F3F60B617E7E912B8147C22730EEA7105D378F5C392BE404F07B8D568C68 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2228 | Notepad.exe | C:\Users\admin\AppData\Roaming\F63AAA\A71D80.lck | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\cache2\trash18345 | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.sbstore | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-malware-simple.pset | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.sbstore | — | |
MD5:— | SHA256:— | |||
2996 | firefox.exe | C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\safebrowsing-updating\test-phish-simple.pset | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2996 | firefox.exe | GET | 200 | 88.221.144.105:80 | http://detectportal.firefox.com/success.txt | IT | text | 8 b | whitelisted |
2996 | firefox.exe | POST | 200 | 172.217.22.3:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2996 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
2228 | Notepad.exe | POST | — | 104.168.248.212:80 | http://aljust.website/panel/fre.php | US | — | — | malicious |
2228 | Notepad.exe | POST | — | 104.168.248.212:80 | http://aljust.website/panel/fre.php | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2996 | firefox.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2996 | firefox.exe | 54.190.222.97:443 | search.services.mozilla.com | Amazon.com, Inc. | US | malicious |
2996 | firefox.exe | 88.221.144.105:80 | detectportal.firefox.com | Akamai International B.V. | IT | whitelisted |
2228 | Notepad.exe | 104.168.248.212:80 | aljust.website | Hostwinds LLC. | US | malicious |
2996 | firefox.exe | 13.32.159.68:443 | snippets.cdn.mozilla.net | Amazon.com, Inc. | US | unknown |
2996 | firefox.exe | 52.43.91.152:443 | tiles.services.mozilla.com | Amazon.com, Inc. | US | unknown |
2996 | firefox.exe | 35.165.116.96:443 | aus5.mozilla.org | Amazon.com, Inc. | US | unknown |
2996 | firefox.exe | 185.60.216.35:443 | facebook.com | Facebook, Inc. | IE | whitelisted |
2996 | firefox.exe | 185.60.216.19:443 | static.xx.fbcdn.net | Facebook, Inc. | IE | whitelisted |
2996 | firefox.exe | 172.217.22.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
aljust.website |
| malicious |
aus5.mozilla.org |
| whitelisted |
detectportal.firefox.com |
| whitelisted |
balrog-aus5.r53-2.services.mozilla.com |
| whitelisted |
a1089.dscd.akamai.net |
| whitelisted |
search.services.mozilla.com |
| whitelisted |
search.r53-2.services.mozilla.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
cs9.wac.phicdn.net |
| whitelisted |
tiles.services.mozilla.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot User-Agent (Charon/Inferno) |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Checkin |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 |
2228 | Notepad.exe | A Network Trojan was detected | MALWARE [PTsecurity] Loki Bot Check-in M2 |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot User-Agent (Charon/Inferno) |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Checkin |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 |
2228 | Notepad.exe | A Network Trojan was detected | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 |
2228 | Notepad.exe | A Network Trojan was detected | MALWARE [PTsecurity] Loki Bot Check-in M2 |