MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 252426034ab94b2b6a32fd8c68624325ea8ae82e9e30269dc74a1dad8268a245. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 252426034ab94b2b6a32fd8c68624325ea8ae82e9e30269dc74a1dad8268a245
SHA3-384 hash: b8fb2bf0a6f923b134f7bedf7f2ddfe0ec55add5b0ff8bcd99d4c705588771a9df60d8ad7b0a3e8d51fe55d3657a2198
SHA1 hash: 00982a4fcbfddf1ebc9d0dbc182e0711c906035d
MD5 hash: 29ee61e4f0961376ad9e31a40d8a7bbf
humanhash: quiet-finch-princess-december
File name: 要求报价 02-07-2020·pdf.zip
Signature: Loki
File size: 350'551 bytes
First seen: 2020-07-02 06:49:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:1VWpwDeXOm7NitaoXuUiu1DPe6UbDRnjLFKp/NZX6oVZaefbceKvjeNHVQ5x9XHe:1V0w67wtawu01reLJFK1NZX6oV36eNHD
TLSH: 1A7423BE25E3CBFA0221FF73613A312E1598520BA40B9A84923179CF517D57E1EB47C8
Reporter: abuse_ch
Tags: Loki, zip


abuse_ch
Malspam distributing Loki:

HELO: mail.undorthemoure.cf
Sending IP: 64.52.175.200
From: 國立臺灣大學 <admin@ntu.edu.tw>
Subject: URGENT: 要求报价(國立台灣大學)UNI894/BU463
Attachment: 要求报价 02-07-2020·pdf.zip (contains "要求报价 02-07-2020·pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-07-02 06:51:08 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 252426034ab94b2b6a32fd8c68624325ea8ae82e9e30269dc74a1dad8268a245

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
