kbbxnq.am.files.1drv.com (Loki Bot hosted in United States of America, Des Moines, Microsoft Corporation)

Connects to random domains such as: kbbxnq.am.files.1drv.com

Downloads encrypted file from: hxxps://onedrive.live.com/download?cid=95FCF6A0982EDBAA&resid=95FCF6A0982EDBAA%21384&authkey=ADToz6om2_g4nq4

Steals data from: Vivaldi, Maple Studio, SecureFX, Pocomail, Chromium, KiTTY, NCH Fling, Orbitum, AbleFTP, IncrediMail, Internet Explorer / Edge, CocCoc, Bitvise SSH Client, Microsoft Outlook, NCH Classic FTP, BlazeFTP, WinChips, Epic Privacy Browser, Pidgin, PuTTY, Automize, FAR Manager, Yandex Browser, Comodo Dragon, Chrome Canary, JaSFTP, Google Chrome, Total Commander, Trojita, Internet Explorer, FileZilla, Torch, Opera Mail, Opera, QtWeb Internet Browser, LinasFTP, FTP Navigator.

Sample: hxxp://www.wiserecruitment.com.au/zed/new.exe

Hosting info:

hxxps://whois.domaintools.com/13.107.42.12