Rewterz Threat Alert – LokiBot Malware – Active IOCs

September 21, 2022

Severity

Medium

Analysis Summary

In early 2016, LokiBot was originally made available on underground forums for cybercriminals to use against Microsoft Android phones. This malware steals sensitive information including, usernames, cryptocurrency wallets, and other credentials via Trojan software. Malware grabs credentials by monitoring browser and desktop activities from the password storage using a keylogger. LokiBot can also install a backdoor into affected systems, allowing an attacker to install other payloads. Spam emails, communication channels such as SMS, Skype, and malicious websites are all used to spread LokiBot. This malware is utilized to keep track of what users are doing (for instance, recording keystrokes).

Impact

Information Theft
Exposure of Sensitive Data
Credential Theft

Indicators of Compromise

MD5

d91cfe1a42899f7ba97b820746184cb1
bc707c8c7084d994b94a942915f2b97c
bbcad3b8c69398a170c89ee3055a7a88

SHA-256

84c318121148dd86aed8a92f1c366f0552ee4caaba7af45a612af380f88370af
38f007ec6044838c17bb985f2395fa2d45029dee64579ffbc45995269cad042b
542219ba546fb9770b914cbc0f7fa117c1cf3fc2f8c4d58165e4884328196aba

SHA-1

29aace3de1c5b572231cbc794eb2713588851f60
92f4e16f4b3203cab9bc118ab6f06a89a2ba95e1
ebbc6cba8cbb6ab0128a9612fec1b2fbc55d1e37

Remediation

Search for IOCs in your environment.
Block all threat indications at their respective controls.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, the Middle East, and Africa – Active IOCs

Strela Stealer Malware Targets Microsoft Outlook Users for Credential Theft – Active IOCs

EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us