MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b6d01c710332306188629ab729eb80523dc0b0f576745234ac34d96b5bb3b42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 1b6d01c710332306188629ab729eb80523dc0b0f576745234ac34d96b5bb3b42
SHA3-384 hash: b67f775db555ce235bbd484779f1952f54a28cd71266199d91446756babee1a8ba1b4976148293256e3db133693bf524
SHA1 hash: c73f218cf32c1fdc05183ca5320f69f1f9c0cae7
MD5 hash: d2f11effc807cdc87f8ea92b2975ab5e
humanhash: queen-fourteen-pasta-charlie
File name: INVtransfercopyreceipt07072020.img
Signature: Loki
File size: 409'600 bytes
First seen: 2020-07-07 08:32:27 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:IanyhYheMGQ08OjVR3VD/msF/Iv9tk2ecCMoz:uh0G3nNz/Iv9ocCDz
TLSH: 399412426750E8A7C25D07F11C718A59FEE7D54A0A228B2B33EC774A7B66A41FF0E1C4
Reporter: abuse_ch
Tags: img, Loki


abuse_ch
Malspam distributing Loki:

HELO: elpismedical.co.kr
Sending IP: 5.101.151.21
From: XU GENLUO <nathapong@dsb.co.th>
Reply-To: info@dennisbearman.com
Subject: Re: thanh toán
Attachment: INVtransfercopyreceipt07072020.img (contains "INVtransfercopyreceipt07072020.exe")

Loki C2:
http://modevin.ga/~zadmin/lmark/frega3/mode.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Ransomware.NLoaderA
Status: Malicious
First seen: 2020-07-07 08:34:08 UTC
AV detection: 11 of 29 (37.93%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    img 1b6d01c710332306188629ab729eb80523dc0b0f576745234ac34d96b5bb3b42 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments