New Loki Botnet campaign: Please Find attached order

Beware of this Loki Botnet mail campaign, which is currently doing its rounds.

This attack tries to lure unaware internet users into downloading and executing the Loki Botnet.

The threat actor tries to achieve this by sending individuals emails that are loaded with malicious attachments.

What is Loki

Loki-Bot (also spelled “Loki Bot” or “LokiBot”) is an information stealer that sends login credentials and other sensitive data from an infected Windows host to a server established for each malware sample.

The mail used to lure individuals into downloading and executing the Loki Botnet Trojan:

Dear sir

Please find attached order

Thanks & Regards,

Uttam Pathani

Purchase & Stores Department
AF LOGO2 ERP1_resize
THE ALLIED FOUNDERS PVT. LTD. N-3, Ind. Estate, Udyambag. Belgaum 590 008. Karnataka, INDIA.
Phone :- +91 831 2440924 Cell :- + 91 94801 27967
E-Mail :- [email protected]
Web:- WWW.ALLIEDFOUNDERSINDIA.COM

Advice

  • Do not download and/or execute the attachment
  • Inform your security officer about this mail
  • Beware of opening attachments or any files that are provided to you

Additional information:

  • https://app.any.run/tasks/34a5ead2-dac1-4bb2-a24f-d5bfc698574f
  • https://www.hybrid-analysis.com/sample/1aec7cbf74ab9e80ef1cbf6f885d1f3ed272c13bd7065d142db23dc9ec0ccb4e/5bbae85f7ca3e13edc113917
  • https://www.virustotal.com/#/file/1aec7cbf74ab9e80ef1cbf6f885d1f3ed272c13bd7065d142db23dc9ec0ccb4e/detection
  • https://analyze.intezer.com/#/analyses/872f4282-92ce-4d14-a51a-60b0919ccc16
  • https://app.sndbox.com/sample/2e197138-826c-47a8-ab79-7199d15f9ab1/static