MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06816722f66836d4f0cda1f6f2377e193f17af09a7fb36a7ef762ae2d8bf3cf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
Loki
Vendor detections: 3

SHA256 hash: 06816722f66836d4f0cda1f6f2377e193f17af09a7fb36a7ef762ae2d8bf3cf5
SHA3-384 hash: af60111c4adcbc2d57ef08150cbb0b718001989b1c9a46bcc07ed97ee03f7f6f12672140c86deeed1ea4f2bfd1710d05
SHA1 hash: f1ec2e0d2b0d944d72e49017bde7bb8e9ad5140c
MD5 hash: a1c62f28048c27aafd493e3750b9a588
humanhash: sad-six-fifteen-zulu
File name: REVISED PURCHASE ORDER_pdf.arj
Signature: Loki
File size: 777'127 bytes
First seen: 2020-05-14 05:58:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:aLziUiQO6h4KZlI5y4XZsIXm758p05YrGzS4j8QYHu2KQgG0l4B1q/l1pD3PH7jv:anyQ3ZlI5yOZsIXm7TGrGznj8/O2zgGo
TLSH: 7BF433674C67F0E93B8A4A973D1805FAEAD7419528E1C04FDAADE3077F904D1DCAB602
Reporter: abuse_ch
Tags: arj, COVID-19, Loki

abuse_ch
Malspam distributing Loki:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: LH SHIPPING PTE. LTD. <sales@lafargeholcim.com>
Subject: Due to COVID'19 - REVISED PURCHASE ORDER
Attachment: REVISED PURCHASE ORDER_pdf.arj (contains "REVISED PURCHASE ORDER_pdf.exe")

Loki C2:
http://beesco.net/second/chief3/fre.php

Intelligence
File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-15 04:20:23 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 06816722f66836d4f0cda1f6f2377e193f17af09a7fb36a7ef762ae2d8bf3cf5 (this sample)
Dropping Loki
Delivery method: Distributed via e-mail attachment

Comments