Loading ...

Play interactive tourEdit tour

Windows Analysis Report ORDINE + DDT A.M.F SpA.exe

Overview

General Information

Sample Name:ORDINE + DDT A.M.F SpA.exe
Analysis ID:528460
MD5:f5423b7a89876044078cbb68db883af8
SHA1:24c550c47d26090f298fea030d7fb890c94737a5
SHA256:68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
Infos:

Most interesting Screenshot:

Detection

GuLoader Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Lokibot
Antivirus detection for URL or domain
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • ORDINE + DDT A.M.F SpA.exe (PID: 4632 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)
    • ORDINE + DDT A.M.F SpA.exe (PID: 8108 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)
      • lsass.exe (PID: 120 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108JoeSecurity_Lokibot_1Yara detected LokibotJoe Security

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\lsass.exe, CommandLine: C:\Windows\system32\lsass.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\lsass.exe, NewProcessName: C:\Windows\System32\lsass.exe, OriginalFileName: C:\Windows\System32\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" , ParentImage: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe, ParentProcessId: 8108, ProcessCommandLine: C:\Windows\system32\lsass.exe, ProcessId: 120

        Jbx Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}
        Multi AV Scanner detection for submitted fileShow sources
        Source: ORDINE + DDT A.M.F SpA.exeVirustotal: Detection: 21%Perma Link
        Antivirus detection for URL or domainShow sources
        Source: https://farmanat.ro/arman30/five/fre.phpAvira URL Cloud: Label: malware
        Source: http://farmanat.ro/arman30/five/fre.phpAvira URL Cloud: Label: malware
        Multi AV Scanner detection for domain / URLShow sources
        Source: farmanat.roVirustotal: Detection: 10%Perma Link
        Source: https://farmanat.ro/arman30/five/fre.phpVirustotal: Detection: 11%Perma Link
        Source: http://farmanat.ro/arman30/five/fre.phpVirustotal: Detection: 10%Perma Link
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: unknownHTTPS traffic detected: 197.242.150.64:443 -> 192.168.11.20:49816 version: TLS 1.2

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49821 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49821 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49967 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49967 -> 176.223.209.128:80
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: https://fabricraft.co.za/Farmant_hhVNwJna195.bin
        Source: Joe Sandbox ViewASN Name: ROHOSTWAY-ASRO ROHOSTWAY-ASRO