Rewterz Threat Alert – Lokibot Malware – IoCs
September 13, 2019
Rewterz Threat Alert – InnfiRAT Malware Steals Litecoin And Bitcoin Wallet Information
September 16, 2019
Severity
High
Analysis Summary
A new spam campaign is underway that poses as a job application from “Eva Richter”, who is supposedly sending her photo and resume. The resume, however, is an executable masquerading as a PDF file; it destroys the victim’s files by installing the Ordinypt wiper.
Ordinypt is destructive malware commonly targeted at German people. It pretends to be ransomware that encrypts files and then demands that victims pay a ransom to get them back. Unfortunately, even if a user pays the ransom, the files have been overwritten with garbage and cannot be decrypted.
The ransom note goes like this:
Impact
File encryption
Indicators of Compromise
Filename
Eva Richter Bewerbung und Lebenslauf.pdf.exe
Malware Hash (MD5/SHA1/SHA256)
24de0b9eb94e6f80fcd9078112015a92d9c42cec889452f069447af461edd7ff
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on links or attachments sent by unknown senders.
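
One way to apply the indicators above at a mail gateway or endpoint triage step, as an added example that is not part of the original alert or any Rewterz tooling: it checks a file against the SHA-256 and filename from this alert and flags the document-then-executable double extension the lure relies on. The function names and the two extension lists are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# IoCs copied from this alert.
IOC_SHA256 = {"24de0b9eb94e6f80fcd9078112015a92d9c42cec889452f069447af461edd7ff"}
IOC_FILENAMES = {"eva richter bewerbung und lebenslauf.pdf.exe"}
# Assumed extension lists for the double-extension heuristic; tune locally.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}

def normalise(name: str) -> str:
    # Windows ignores trailing dots and spaces, so drop them before comparing.
    return name.strip().rstrip(". ").lower()

def is_masquerading(name: str) -> bool:
    """True when a document extension is directly followed by an executable one."""
    parts = [p.strip() for p in normalise(name).split(".")]
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

def triage(path: Path) -> list[str]:
    """Return the reasons to quarantine a file; an empty list means no hit."""
    reasons = []
    if hashlib.sha256(path.read_bytes()).hexdigest() in IOC_SHA256:
        reasons.append("sha256-ioc")
    if normalise(path.name) in IOC_FILENAMES:
        reasons.append("filename-ioc")
    if is_masquerading(path.name):
        reasons.append("double-extension")
    return reasons

def demo() -> dict[str, list[str]]:
    # Constructed attachments with harmless content, so the hash IoC never matches.
    names = ["Eva Richter Bewerbung und Lebenslauf.pdf.exe",
             "Rechnung.PDF   .scr", "Lebenslauf.pdf", "setup-1.2.exe"]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for n in names:
            p = Path(d) / n
            p.write_bytes(b"constructed placeholder content")
            results[n] = triage(p)
    return results

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name!r}: {reasons or 'clean'}")
```

The filename match alone is easy to evade by renaming, so the double-extension heuristic and the hash check are what carry over to variants of the lure.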