MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e84be834c00b60d67a1cd1872bb69cc34ea476f2de8b5d22c8a5dc360981b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15e84be834c00b60d67a1cd1872bb69cc34ea476f2de8b5d22c8a5dc360981b0
SHA3-384 hash: e94b651cea28ac84460e2d6a662048921f92d02421e6db304a3b388bf7a611f42a748d45a43688568fd8b36bf5a3d181
SHA1 hash: 64c91e2056933adf41d46c2fdbc6b8b04d43b0ab
MD5 hash: 73b63ac4c0524258608c1dc8d904e44b
humanhash: september-uniform-orange-nitrogen
File name:BT3 A201 MLA MAJOR OVERHAUL.rar
Download: download sample
Signature Loki
Create hunting rule
File size:253'846 bytes
First seen:2020-06-03 08:29:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:R1+GeLyEHcoqbrQP5dsGmpe9lB68twP7ucqGtneQvu8xCkQDo:RoGeLj8ogkBdBz6Xtneou8xYDo
TLSH 614423B6631D7EC1AF052D668772344C73588BA33329416E988066FADCDDC82D3A37D9
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail0.458.celumltd.casa
Sending IP: 178.128.195.203
From: Steel Masters International <hec1@srv155.main-hosting.eu>
Subject: (Tender) ITB/LCT/TER/007-19-PR#17350923-BT3 A201 MLA MAJOR OVERHAUL & PR#25059495-2Z5220
Attachment: BT3 A201 MLA MAJOR OVERHAUL.rar (contains "BT3 A201 MLA MAJOR OVERHAUL.exe")

Loki C2:
http://netease-163mail-com.tk/Darren/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 06:08:11 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxuex2buyafwbvt2dtiyok5wttbu5jdw6lpiwxjczcs5ynqjqgya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 15e84be834c00b60d67a1cd1872bb69cc34ea476f2de8b5d22c8a5dc360981b0

(this sample)

Loki

Executable exe cd7cb9fcf332d42246a9496f91322139e9fce696baa466951116b72c8233bd6b

  
Dropping
MD5 a24e9220831fa252ee26795c47f32a8b
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cd7cb9fcf332d42246a9496f91322139e9fce696baa466951116b72c8233bd6b

Comments