fentq.org Loki Bot (Hosted In Russian Federation Moscow Mail.ru Llc)

By Pig, February 7, 2020

Domain : fentq.org

Ip : 89.208.196.209

HxxP: http://fentq.org/x/index.php

Steals info from filezilla : C:\Users\user\AppData\Roaming\filezilla\recentservers.xml

Steals info from browsers :

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@www1.euro.dell[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@i.dell[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@dell[1].txt

Sample :

Hosting Infos :hxxp://107.189.10.150/E/5097110.exe

hxxp://whois.domaintools.com/89.208.196.209

Categories: Uncategorized

Tags: AZORult

Previous postRansomware GandCrab v5.0.4

Next postbatlxt.org Loki Bot (Hosted in Russian Federation Moscow Mail.ru Llc)