MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cd2d9fd5f58cbada94616c7b92032bd3bbc0902edd600d6ce4f857a2cb94aa4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 1cd2d9fd5f58cbada94616c7b92032bd3bbc0902edd600d6ce4f857a2cb94aa4
SHA3-384 hash: df3170781792e3ae83ae7853bd6d4ade2bab4b52ccc3beb86b7e5be279812bc5013fb7f358a99c0beedcbee4dc78e315
SHA1 hash: 2c49f284aa8b5246d0e6189527e6bae0ee37e1c4
MD5 hash: 6895e9f031f82580d77a79f3783db156
humanhash: minnesota-cola-idaho-angel
File name: Payment Transfer_ copy_scan.iso
Signature: Loki
File size: 1'290'240 bytes
First seen: 2020-06-01 19:47:47 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:Jtb20pkaCqT5TBWgNQ7aa2A/Xkya6deQe705Ki6A:aVg5tQ7aaL/XkyaZd705h5
TLSH: CB55AD1223DD8260C77E51737A1577416E7BF82935A0FC7B2FF88938AA201215E1E66F
Reporter: abuse_ch
Tags: iso Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.minikid.lv
Sending IP: 193.169.166.46
From: CBZ Bank Limited <aorp@cbz.co.zw>
Subject: R: Interbank transfer payment/TT_Payment copy
Attachment: Payment Transfer_ copy_scan.iso (contains "Payment Transfer_ copy_scan.exe")

Loki C2:
http://maisadour.co/P1/five/fre.php
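The comment above reports the delivery pattern for this entry: an ISO image attached to mail, with a Windows executable inside it. As an added example (not part of this database entry and not MalwareBazaar's own tooling), the following Python script parses an ISO 9660 image directly: it reads the primary volume descriptor at sector 16, walks the directory tree, hashes every member so the inner payload can be looked up on its own, and flags members that look executable by extension or by an `MZ` header. To run offline it builds a small constructed image in memory with build_iso(); the member names in it are invented and are not the names from this sample. It reads only the primary volume descriptor, so an image that also carries a Joliet descriptor will show its 8.3 names rather than long names; that limitation is an assumption of the example, not a statement about this sample.

```python
"""Minimal ISO 9660 triage: list members, hash them, flag executables.
Added example; the image built by build_iso() is constructed test data."""
import hashlib
import os
import struct

SECTOR = 2048
# Extensions that commonly carry a payload inside mailed ISO/IMG files (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".dll", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk", ".msi"}


def _both32(n):  # ISO 9660 stores 32-bit numbers little-endian then big-endian
    return struct.pack("<I", n) + struct.pack(">I", n)


def _both16(n):
    return struct.pack("<H", n) + struct.pack(">H", n)


def _dir_record(name: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Build one directory record (ECMA-119 section 9.1); records are even-length."""
    body = (b"\x00" + _both32(lba) + _both32(size) + b"\x00" * 7
            + bytes([0x02 if is_dir else 0x00]) + b"\x00\x00" + _both16(1)
            + bytes([len(name)]) + name)
    total = 1 + len(body)
    pad = b"\x00" if total % 2 else b""
    return bytes([total + len(pad)]) + body + pad


def build_iso(files: dict) -> bytes:
    """Constructed single-directory ISO image: PVD at sector 16, root dir at 18."""
    root_lba, next_lba, entries, payload = 18, 19, [], b""
    for name, content in files.items():
        entries.append(_dir_record(name.encode("ascii"), next_lba, len(content), False))
        padded = content + b"\x00" * (-len(content) % SECTOR)
        payload += padded
        next_lba += len(padded) // SECTOR
    root_rec = _dir_record(b"\x00", root_lba, SECTOR, True)  # "." entry
    root = root_rec + _dir_record(b"\x01", root_lba, SECTOR, True) + b"".join(entries)
    root += b"\x00" * (SECTOR - len(root))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[156:190] = root_rec
    term = bytearray(SECTOR)  # volume descriptor set terminator
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return b"\x00" * (16 * SECTOR) + bytes(pvd) + bytes(term) + root + payload


def _walk(image: bytes, lba: int, length: int, prefix: str) -> list:
    """Return (path, extent_lba, size) for every file under one directory extent."""
    out, base, off = [], lba * SECTOR, 0
    while off < length:
        rec_len = image[base + off]
        if rec_len == 0:                      # zero-fill: skip to the next sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = image[base + off:base + off + rec_len]
        off += rec_len
        name = rec[33:33 + rec[32]]
        if name in (b"\x00", b"\x01"):        # "." and ".." entries
            continue
        ext_lba = struct.unpack_from("<I", rec, 2)[0]
        ext_len = struct.unpack_from("<I", rec, 10)[0]
        path = prefix + "/" + name.decode("ascii", "replace").split(";")[0]
        if rec[25] & 0x02:                    # directory flag: recurse
            out.extend(_walk(image, ext_lba, ext_len, path))
        else:
            out.append((path, ext_lba, ext_len))
    return out


def list_iso_files(image: bytes) -> list:
    """Read the primary volume descriptor and walk from its root directory record."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = pvd[156:190]
    return _walk(image, struct.unpack_from("<I", root, 2)[0],
                 struct.unpack_from("<I", root, 10)[0], "")


def triage_iso(image: bytes) -> list:
    """Hash every member and flag likely payloads by extension or MZ header."""
    findings = []
    for path, lba, size in list_iso_files(image):
        content = image[lba * SECTOR:lba * SECTOR + size]
        ext = os.path.splitext(path.lower())[1]
        findings.append({
            "path": path, "size": size,
            "sha256": hashlib.sha256(content).hexdigest(),
            "suspicious": ext in EXECUTABLE_EXTS or content[:2] == b"MZ",
        })
    return findings


if __name__ == "__main__":
    # Constructed sample: a fake PE plus a harmless decoy; names are invented.
    sample = build_iso({"PAYMENT.EXE;1": b"MZ\x90\x00" + b"\x00" * 100,
                        "README.TXT;1": b"hello"})
    for f in triage_iso(sample):
        print(("SUSPICIOUS " if f["suspicious"] else "           ")
              + f"{f['path']}  {f['size']} bytes  sha256={f['sha256']}")
```

To run it on a real attachment, read the file into bytes and pass it to triage_iso(); the per-member SHA256 is what you would then search for, since the database entry above hashes the ISO container rather than the executable inside it.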

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 20:36:10 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The information below shows additional details about this malware sample, such as delivery method and external references.

Malspam
  Loki
    iso 1cd2d9fd5f58cbada94616c7b92032bd3bbc0902edd600d6ce4f857a2cb94aa4 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments