Flokibot is a malware variant based on the same codebase that was used by the infamous Zeus trojan. Once the malware is executed, it attempts to inject malicious code into 'explorer.exe'.
The Flokibot Tools are a collection of scripts that help automate portions of the analysis of Flokibot. These scripts enable analysts to dump the configuration parameters used by Flokibot samples, as well as the Flokibot payload itself.
- PayloadDump - Extracts the final payload in PE32 format from the initial Flokibot sample.
- ConfigDump - Enables the extraction of the Flokibot configuration parameters used by the sample.
The scripts can be downloaded from GitHub here.