New Loki Botnet campaign: Please Find attached order

Beware of this Loki Botnet mail campaign, which is currently doing its rounds.

The attack tries to lure unsuspecting internet users into downloading and executing the Loki Botnet.

The threat actor tries to achieve this by sending individuals emails that carry malicious attachments.

What is Loki?

Loki-Bot (also spelled “Loki Bot” or “LokiBot”) is an information stealer that sends login credentials and other sensitive data from an infected Windows host to a server established for each malware sample.

The mail used to lure individuals into downloading and executing the Loki Botnet Trojan:

Dear sir

Please find attached order

Thanks & Regards, 

Uttam Pathani

Purchase & Stores Department 
AF LOGO2 ERP1_resize  
THE ALLIED FOUNDERS PVT. LTD. N-3, Ind. Estate, Udyambag. Belgaum 590 008. Karnataka, INDIA. 
Phone :- +91 831 2440924 Cell :- + 91 94801 27967 
E-Mail :- [email protected] 
Web:- WWW.ALLIEDFOUNDERSINDIA.COM

Advice

  • Do not download and/or execute the attachment
  • Inform your security officer about this mail
  • Beware of opening attachments or any files that are provided to you

Additional information: 

  • https://app.any.run/tasks/34a5ead2-dac1-4bb2-a24f-d5bfc698574f
  • https://www.hybrid-analysis.com/sample/1aec7cbf74ab9e80ef1cbf6f885d1f3ed272c13bd7065d142db23dc9ec0ccb4e/5bbae85f7ca3e13edc113917
  • https://www.virustotal.com/#/file/1aec7cbf74ab9e80ef1cbf6f885d1f3ed272c13bd7065d142db23dc9ec0ccb4e/detection
  • https://analyze.intezer.com/#/analyses/872f4282-92ce-4d14-a51a-60b0919ccc16
  • https://app.sndbox.com/sample/2e197138-826c-47a8-ab79-7199d15f9ab1/static
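For triaging a reported copy of this mail, the following added example (not part of the original post) parses a raw message, looks for the lure wording quoted above, and compares each attachment's SHA-256 with the hash that appears in the Hybrid Analysis and VirusTotal links. It assumes that hash identifies the file delivered by mail, which the page does not state; the function names, addresses, subject and attachment in the sample are constructed.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# SHA-256 copied from the Hybrid Analysis and VirusTotal links above.
SAMPLE_SHA256 = "1aec7cbf74ab9e80ef1cbf6f885d1f3ed272c13bd7065d142db23dc9ec0ccb4e"
# Lure wording quoted from the campaign mail above (matched case-insensitively).
LURE_PHRASE = "please find attached order"


def triage(raw: bytes) -> dict:
    """Inspect one raw RFC 5322 message; nothing is written to disk or executed."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''}\n{body.get_content() if body else ''}"
    # Collapse whitespace so a wrapped line cannot hide the phrase.
    lure = LURE_PHRASE in " ".join(text.lower().split())
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        attachments.append({"filename": part.get_filename(), "sha256": digest,
                            "known_sample": digest == SAMPLE_SHA256})
    hash_match = any(a["known_sample"] for a in attachments)
    # A differing hash does not clear the mail: lure text plus any attachment is held.
    return {"lure_phrase": lure, "attachments": attachments, "hash_match": hash_match,
            "hold_for_review": hash_match or (lure and bool(attachments))}


def constructed_sample() -> bytes:
    """Constructed test message: lure wording with a harmless placeholder attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.com", "Order"
    m.set_content("Dear sir\n\nPlease find attached\norder\n")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="order.bin")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(constructed_sample()))
```

A mail that carries the lure wording with a repacked attachment will not match the hash, which is why the result reports the two signals separately.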

By CWZ

Founder of Cyberwarzone.com.