MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cb72e890ad2ba9d7450e1f57d489a50910ba2082be291cc822afb09d2477e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 1cb72e890ad2ba9d7450e1f57d489a50910ba2082be291cc822afb09d2477e32
SHA3-384 hash: 6e8b8a98645bd1d34d3b37b7d836bae7a0ce1205593074246374cc889d4a09029996f73d1d85b20c27153a1be1416a32
SHA1 hash: 4b932e09816cadc6c415b91b7dd8805c52a0f8cc
MD5 hash: 86090102f8c1c4a42c2bf129877a0178
humanhash: whiskey-south-one-march
File name: Bank Madiri System Statement_PDF.gz
Signature: Loki
File size: 331'112 bytes
First seen: 2020-05-14 06:26:56 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:VUd9aEakxEPMkxF2Y7wye785aCzcdDmLldfayR5rgsnL1AwfGZIl:8Fx4aY7fe78pomHSy/ksL6GGml
TLSH: FB64235850A0B913164FCC0DEC689C7783BBA182CE4276D79A4A3E537FBEDC5960612D
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: ip-172-31-21-154.ec2.internal
Sending IP: 54.145.164.71
From: Mandiri Cash Management <offiice.rdn@bankmandiri.co.id>
Reply-To: costomer service <ricknicolas.aol@hotmail.com>
Subject: Pemberitahuan Transaksi: Sukses
Attachment: Bank Madiri System Statement_PDF.gz (contains "gunzipped")

Loki C2:
http://missingandfound.com.my/pull/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 06:36:57 UTC
File Type: Binary (Archive)
Extracted files: 318
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  gz 1cb72e890ad2ba9d7450e1f57d489a50910ba2082be291cc822afb09d2477e32 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments