Request a Demo
Rewterz
Rewterz Threat Alert – FormBook Malware – Active IOCs
September 14, 2021
Rewterz
Rewterz Threat Alert – Vidar Malware – Active IOCs
September 14, 2021

Rewterz Threat Alert – LokiBot Malware – Active IOCs

Severity

High

Analysis Summary

LokiBot is a commodity malware sold on underground sites which are designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets. LokiBot is trojan-type malware designed to infiltrate systems and collect a wide range of information. Lokibot targets Android and Windows operating systems. It is distributed via spam emails, various private messages (SMS, Skype, etc.), and malicious websites. It is also used for tracking users’ activity (for instance, recording keystrokes).

Impact

  • Information Theft
  • Exposure of Sensitive Data
  • Credential Theft

Indicators of Compromise

MD5

  • 2277854dee996a5460e95199d912ad30
  • 9c4ee3f53a72b520d9694ec170d0f5c6
  • 9252cb97aca155a26f6b1cb739116e6a
  • 9ac371a30cbd9fec68c18a1b2405d69b
  • 284ee717e9586bfcc5c8f63d22a6cefd
  • 9ac371a30cbd9fec68c18a1b2405d69b
  • 7ee83dd92fdd8ee73a7a7ce01051deb1
  • 9c743b9a0d7425e7f4efc41bb4ced5f8
  • 01fe8dea3052e01136d2e8bb7ab75fb9

SHA-256

  • e6ced412f5cb111838ab69ca034ff593ad79c8192edf088e1557f2580ce4516d
  • 0fb8acbb8ec909582e089b728d516ae9f5f5dc3309fbd77eb104cefef61f5e82
  • 433243652ea715b804e2191f1973597f8f9a870c83f956a6f04258f75241aa20
  • 30cac5dddc6d9c235c35ae552ec995845eb34d82f9fdb74af722f193d8f53fcb
  • e4ddd3ba1f8bdb01d6316f7353402981fa65733f5b4369f49710ce1e263943f8
  • 30cac5dddc6d9c235c35ae552ec995845eb34d82f9fdb74af722f193d8f53fcb
  • 7b864567ce2527e7dee91118c1bbf6bd1855ca15588c3a743fe535574345b451
  • 975f4952ff6416ec9bdab9f80290b87e461e9a315df54c98895917efce12d6cc
  • 03cb95fdd2bb94ff411d1737206768638ad47e1a0a52a31f8b697dc6a827fc48

SHA1

  • c1e84c31ccde4b7a80c3eae5ddd66594facefdfd
  • 13d8c9e50d4a868a2248e903f582d0c874f5d988
  • 1ce207a5550d70d11441b612543911795e1fa660
  • 39f8c08d1ee22f5f7479b9d55fcb1c0471e263dc
  • fbbbe0571bdbc7eb6d0338a566faa55f94b1c1b0
  • 39f8c08d1ee22f5f7479b9d55fcb1c0471e263dc
  • fb0925b0ded9b413c0562cfcf32fd9da14ef9a7a
  • 1e106d2d8f0693d302da808d10f32e6c44b37db3
  • a68e6bd940df95fdafd67e6cbacff5d4995c616c

Remediation

  • Block all threat indicators at their respective controls.
  • Search for IOCs in your environment.